Multiple Choice
A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following: High-impact controls implemented: 6 out of 10 Medium-impact controls implemented: 409 out of 472 Low-impact controls implemented: 97 out of 1000 The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information: Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000 Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000 Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the analysis?
A) Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
B) The enterprise security team has focused exclusively on mitigating high-level risks
C) Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
D) The cybersecurity team has balanced residual risk for both high and medium controls
Correct Answer:
Verified
Correct Answer:
Verified
Q167: A firewall specialist has been newly assigned
Q168: A technician is configuring security options on
Q169: A security analyst is reviewing the following
Q170: A technician is reviewing the following log:
Q171: A software development team is conducting functional
Q173: A government contractor was the victim of
Q174: A systems analyst is concerned that the
Q175: A hospital's security team recently determined its
Q176: Company.org has requested a black-box security assessment
Q177: During the deployment of a new system,