When is it acceptable to not take action on an identified risk?

When is it acceptable to not take action on an identified risk?

When is it acceptable to not take action on an identified risk?

A.
Never; good security addresses and reduces all risks

B.
When political issues prevent this type of risk from being addressed

C.
When the necessary countermeasure is complex

D.
When the cost of the countermeasure outweighs the value of the asset and potential loss

Explanation:
Companies may decide to live with specific risks they are faced with
because it would cost more to try and protect themselves than they have a potential
of losing if the threat became real. Countermeasures are usually complex to a degree
and there are almost always political issues surrounding different risks, but these
are not reasons to not implement a countermeasure.



Leave a Reply 0

Your email address will not be published. Required fields are marked *