Which is the most valuable technique when determining if a specific security control should be implemented?

Which is the most valuable technique when determining if a specific security control should be implemented?

Which is the most valuable technique when determining if a specific security control should be implemented?

A.
Risk analysis

B.
Cost/benefits analysis

C.
ALE results

D.
Identifying the vulnerabilities and threats causing the risk

Explanation:
A risk analysis is performed to identify risks and come up with
suggested countermeasures. The ALE tells the company how much it could lose if a
specific threat became real. The ALE value will go into the cost/benefit analysis,
but the ALE does not address the cost of the countermeasure and the benefit of a
countermeasure.



Leave a Reply 0

Your email address will not be published. Required fields are marked *