Which of the following provides the BEST explanation regarding why an organization needs to
implement IT security policies?
A.
To ensure that false positives are identified
B.
To ensure that staff conform to the policy
C.
To reduce the organizational risk
D.
To require acceptable usage of IT systems
Explanation:
Once risks has been identified and assessed then there are five possible actions that should be
taken. These are: Risk avoidance, Risk transference, Risk mitigation, Risk deterrence and Risk
acceptance. Anytime you engage in steps to reduce risk, you are busy with risk mitigation and
implementing IT security policy is a risk mitigation strategy.