Which of the following is NOT a valid rule of thumb on risk control strategy selection?
A) When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited.
B) When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.
C) When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or reduce the attacker's gain, by using technical or operational controls.
D) When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.