Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?

Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
A . Historical cost of the asset
B . Acceptable level of potential business impacts
C . Cost versus benefit of additional mitigating controls
D . Annualized loss expectancy (ALE)

View Answer

Answer: C

Explanation:

The security manager would be most concerned with whether residual risk would be reduced by a greater amount than the cost of adding additional controls. The other choices, although relevant, would not be as important.