Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?
A) Create risk metrics for all unmitigated risks
B) Get approval from the board of directors
C) Verify that the cost of mitigation is less than the risk
D) Screen potential vendor solutions