The cost of implementing a security control should not exceed the:
A.
annualized loss expectancy.
B.
cost of an incident.
C.
asset value.
D.
implementation opportunity costs.
Explanation:
The cost of implementing security controls should not exceed the worth of the asset. Annualized
loss expectancy represents the losses drat are expected to happen during a single calendar year.
A security mechanism may cost more than this amount (or the cost of a single incident) and still be
considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an
item or the making of a business decision.