The information security manager should recommend to business management that the risk be:

After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the
benefit to be derived. The information security manager should recommend to business
management that the risk be:

After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the
benefit to be derived. The information security manager should recommend to business
management that the risk be:

A.
transferred.

B.
treated.

C.
accepted.

D.
terminated.

Explanation:

When the cost of control is more than the cost of the risk, the risk should be accepted.
Transferring, treating or terminating the risk is of limited benefit if the cost of that control is more
than the cost of the risk itself.



Leave a Reply 0

Your email address will not be published. Required fields are marked *