You have identified a number of risks to which your company’s assets are exposed, and want to implement policies, procedures, and various security measures. In doing so, what will be your objective?
A.
Eliminate every threat that may affect the business.
B.
Manage the risks so that the problems resulting from them will be minimized.
C.
Implement as many security measures as possible to address every risk that an asset may be exposed to.
D.
Ignore as many risks as possible to keep costs down.
Explanation:
Answer B would best benefit the policy for your company to adjust to certain needs for or less depending on the risk. Answer A is wrong because not every threat can be fixed.
Answer C is wrong because it may cost more money to address every risk than what the company makes.
Answer D is obviously wrong.