PrepAway - Latest Free Exam Questions & Answers

An organization’s information security strategy should be based on:

An organization’s information security strategy should be based on:

PrepAway - Latest Free Exam Questions & Answers

A.
managing risk relative to business objectives.

B.
managing risk to a zero level and minimizing insurance premiums.

C.
avoiding occurrence of risks so that insurance is not required.

D.
transferring most risks to insurers and saving on control costs.

Explanation:

Organizations must manage risks to a level that is acceptable for their business model, goals and
objectives. A zero-level approach may be costly and not provide the effective benefit of additional
revenue to the organization. Long-term maintenance of this approach may not be cost effective.
Risks vary as business models, geography, and regulatory- and operational processes change.
Insurance covers only a small portion of risks and requires that the organization have certain
operational controls in place.


Leave a Reply