A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. The MOST likely reason for this decision is:
A.
the cost of implementing controls exceeds the potential financial losses.
B.
the risk assessment has not defined the likelihood of occurrence.
C.
executive management is not aware of the impact potential.
D.
the reported vulnerability has not been validated.
If the business considers A, then they can shut it down, cost of implementing a firewall to blackhole a DDoS is not expensive when compared to business loss.
I think it's A just because it's senior management. Their decisions are ultimately based on a $ value. And if it's more expensive to mitigate than projected loses are, they will just accept the risk.
The MOST likely reason for executive management to take no further action related to the identified threat of a denial of service (DoS) attack would be option A: the cost of implementing controls exceeds the potential financial losses.
It is quite common for organizations to conduct a cost-benefit analysis when addressing potential risks. If the cost of implementing controls to mitigate the risk of a DoS attack is deemed to be higher than the potential financial losses that might occur, executive management may decide to accept the risk and not take any further action. This decision is often driven by the organization's risk appetite and the financial resources available to invest in cybersecurity measures.
Its either B or C
IF its A then that means they have Accepted the risk and it tells they took no Action . Leaning towards B as Risk Assessment is done but they have not mentioned the likelihood of this occurring
Answer is C for me since Financial loss is "nothing" compared to Reputational Risk
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yottabyte
10 months, 1 week agoAlexJacobson
1 year agokoala_lay
1 year, 4 months agowickhaarry
1 year, 4 months agowickhaarry
1 year, 4 months agorichck102
1 year, 6 months agocangurer
1 year, 10 months agoomaigret
1 year, 12 months ago