At a minimum,each information asset-threat pair should have a(n)____ that clearly identifies any residual risk that remains after the proposed strategy has been executed.
A) risk management plan
B) documented control strategy
C) asset valuation
D) cost-benefit analysis

Question

Quizplus · Accepted Answer

The phrase "residual risk" in the question suggests that a control strategy has already been proposed. The best choice among the options listed is a documented control strategy, as it is the most likely to include the details of proposed controls and their expected effectiveness in reducing risk. While the other options (risk management plan, asset valuation, cost-benefit analysis) may be part of a comprehensive risk management approach, they do not directly address the need to identify residual risk specific to each asset-threat pair.

At a Minimum,each Information Asset-Threat Pair Should Have A(n)____ That