Multiple Choice
Which of the following is NOT a valid rule of thumb on risk control strategy selection?
A) When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited.
B) When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.
C) When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or reduce the attacker's gain, by using technical or operational controls.
D) When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.
Correct Answer:

Verified