Sara, the Chief Security Officer (CSO), has had four security breaches during the past two
years. Each breach has cost the company $3,000. A third party vendor has offered to repair
the security hole in the system for $25,000. The breached system is scheduled to be
replaced in five years. Which of the following should Sara do to address the risk?

A. Accept the risk saving $10,000.
B. Ignore the risk saving $5,000.
C. Mitigate the risk saving $10,000.
D. Transfer the risk saving $5,000.
huh??
—–
“Sara has had four security breaches during the past two years”:
Translation: Annual Rate of Occurrence (ARO) = 2
“Each breach has cost the company $3,000”
Translation: Single Loss Expectancy (SLE) = $3,000
Thus, the ALE = ARO * SLE = $6,000.
“The breached system is scheduled to be replaced in five years.”
Translation: $6,000 * 5 years = $30,000.
The repair cost is $25,000. The difference = $5,000.
I GUESS that’s why they said “D”.
0
0
Q307 Transfer the risk to what? Security breach insurance policy?
0
0
I assume that the risk is transferred to the vendor claiming to be able to fix the problem.
My book says that you can do this with risk: mitigate, accept, deter, avoid, transfer.
If that is Gospel according to Security+, then you can ignore B. The other two, the numbers don’t add up.
It’s not a very satisfactory answer, but then it’s not a very satisfactory question. It might be totally unreasonable to assess the future risk at $6k per year. For example, it could be a growing or shrinking system, meaning the SLE could go up or down. The ARO might be expected to increase (this is usual), especially if the target becomes more attractive.
But this is an entry level certification.
0
0
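Added example, not part of the thread: the ALE arithmetic from the question as a small Python model, extended with the sensitivity check the comment above raises (ARO or SLE drifting over the five years). The class and function names and the growth rates tried are assumptions chosen for illustration; the dollar figures come from the question.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    breaches: int           # breaches observed in the history window
    observed_years: float   # length of that window in years
    sle: float              # Single Loss Expectancy, $ per breach
    fix_cost: float         # one-off cost of the vendor repair, $
    remaining_years: int    # years until the system is replaced

    @property
    def aro(self) -> float:
        """Annual Rate of Occurrence estimated from history."""
        return self.breaches / self.observed_years

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy = ARO * SLE."""
        return self.aro * self.sle

def exposure(s: Scenario, aro_growth: float = 0.0, sle_growth: float = 0.0) -> float:
    """Expected loss over the remaining lifetime if nothing is fixed.
    Growth rates are hypothetical year-over-year changes (0.10 = +10%)."""
    total = 0.0
    for year in range(s.remaining_years):
        aro = s.aro * (1 + aro_growth) ** year
        sle = s.sle * (1 + sle_growth) ** year
        total += aro * sle
    return total

def net_saving(s: Scenario, **growth: float) -> float:
    """Positive: paying for the fix is cheaper than absorbing the losses."""
    return exposure(s, **growth) - s.fix_cost

def break_even_aro(s: Scenario) -> float:
    """Constant ARO at which the fix exactly pays for itself."""
    return s.fix_cost / (s.sle * s.remaining_years)

# Figures from the exam question.
QUESTION = Scenario(breaches=4, observed_years=2, sle=3000,
                    fix_cost=25000, remaining_years=5)

if __name__ == "__main__":
    print(f"ARO={QUESTION.aro}, ALE=${QUESTION.ale:,.0f}, "
          f"break-even ARO={break_even_aro(QUESTION):.2f}")
    for g in (-0.20, -0.10, 0.0, 0.10, 0.20):   # constructed growth rates
        print(f"ARO growth {g:+.0%}: exposure ${exposure(QUESTION, aro_growth=g):,.0f}, "
              f"net saving ${net_saving(QUESTION, aro_growth=g):,.0f}")
```

With flat rates the model reproduces the $5,000 figure; a 10% yearly decline in ARO is already enough to make the $25,000 fix cost more than the expected losses.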
volfkhat did a great job on this question. All I could add is that
Ignore the risk will cost you ALE = ARO * SLE = $6,000,
as opposed to transferring the risk saving you $5,000 in 5 years.
Therefore, in five years, if you ignore the risk your cost will be $6,000 * 5 years = $30,000.
0
0
Crappy vague question… I wonder to whom the risk will be transferred?
0
0