To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.

Question

Quizplus · Accepted Answer

To determine the acceptability of a risk, it is important to estimate the expected loss the organization may incur if the risk is exploited or an event occurs. Based on this estimated loss, the organization can decide whether the risk is acceptable or whether further steps need to be taken to mitigate the risk.

To Determine If the Risk to an Information Asset Is