Which of the following scenarios BEST describes a risk reduction technique?
A. A security control objective cannot be met through a technical change, so the company purchases
insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy
to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular
audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer
decides to sign off on the risk.
A. A security control objective cannot be met through a technical change, so the company purchases
insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy
to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular
audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer
decides to sign off on the risk.