crisc question 1062 discussion

View all Certified in Risk and Information Systems Control here

back to isaca forum

Question 1062 Topic 4

Topic 4
Risk acceptance of an exception to a security control would MOST likely be justified when:

A. the end-user license agreement has expired.
B. automation cannot be applied to the control.
C. the control is difficult to enforce in practice.
D. business benefits exceed the loss exposure.

Answer:

D

User Votes:

A

50%

B

50%

C 1 votes

50%

D 4 votes

50%

Discussions

0 / 1000

Temba

2 months, 3 weeks ago

D. business benefits exceed the loss exposure

0