Which of the following scenarios BEST describes a risk reduction technique?
A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.
Risk types: acceptance, avoidance, transference, mitigation
Control types: preventive, detective, corrective, deterrent, compensative, physical
According to the CompTIA guide, but the provided answer is correct, B), because it is mitigating (reducing) the risk by implementing a policy.
B is a better risk reduction/mitigation technique compared to C, because training is a preventive control, while C. is primarily a detective and subsequently corrective control.
Prevention is the best form of Control.
In this scenario, the company recognizes that a technical change alone cannot effectively address the security control objective. Instead, they opt to implement a policy to train users on a more secure method of operation. By providing proper training and education to users, the company aims to reduce the risk associated with the control objective that cannot be met through technical means. This approach focuses on enhancing user awareness, knowledge, and behavior to mitigate potential security risks and improve overall security posture.
"A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation."
Risk reduction techniques are designed to lower the probability or impact of identified risks. Option B describes a risk reduction technique through the implementation of a policy to train users on a more secure method of operation, thereby reducing the probability of security incidents caused by user error.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.