Which of the following should Sara do to address the risk?

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years.
Each breach has cost the company $3,000. A third-party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years.
Which of the following should Sara do to address the risk?


A. Accept the risk saving $10,000.

B. Ignore the risk saving $5,000.

C. Mitigate the risk saving $10,000.

D. Transfer the risk saving $5,000.





cgrant22


D.
Transfer the risk saving $5,000.

Mistro50


Why is the answer D. Transfer the risk saving $5,000?

sjilek


Annual Loss Expectancy = Annual Rate of Occurrence * Single Loss Expectancy
Single Loss Expectancy = Exposure Factor * Asset Value

4 security breaches during the past two years ~ 2 breaches per year
Single loss Expectancy = $3000 per breach >> $6000 per year
For next 5 years = 5 years * $6000 per year = $30,000
$30000 – $25000 = $5000; are you transferring the risk or ignoring the risk?

Answer D is correct and logical. Think of it “…Risk Transfer…” in terms of business sense.

guru


Thank you for your detailed answer

Debbie


In risk management jargon, transference should equal insurance. Therefore this example is talking about mitigation saving $5K, but I guess transfer is closer because if the hole is repaired it wasn’t ignored.

Jaid


Transfer risk to whom?
This risk is still on the company.

I think B is closer, but it is not that close either.

Angus


The real answer would be accept the risk, saving $5,000, but that is not a choice. There is no one to “transfer” the risk to here. So the correct answer has to be B. Ignore the risk and save the $5,000 (ignoring a risk is basically the same as accepting a risk).