If C represents the cost of instituting safeguards in an information system
and L is the estimated loss resulting from exploitation of the
corresponding vulnerability, a legal liability exists if the safeguards are
not implemented when:
A.
C/L = a constant
B.
C>L
C.
C<L
D.
C = 2L
Explanation:
The correct answer is C<L. If the cost to implement the safeguards is
less than the estimated loss that would occur if the corresponding
vulnerability were successfully exploited, then a legal liability exists.
The other answers are distracters.