An IT security manager is asked to provide the total risk to the business.
Which of the following calculations would he, security manager, choose to determine total risk?
A.
(Threats X vulnerability X asset value) x controls gap
B.
(Threats X vulnerability X profit) x asset value
C.
Threats X vulnerability X control gap
D.
Threats X vulnerability X asset value
Explanation:
Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This is used to
calculate a risk.