Which of the following is NOT a valid rule of thumb on risk control strategy selection?
A) When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exercised.
B) When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.
C) When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or negate the attacker's gain, by using technical or operational controls.
D) When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.
Correct Answer: