An organization has decided to postpone the assessment and treatment of several risk scenarios because stakeholders are unavailable. As a result of this decision, the risk associated with these new entries has been:
When an organization postpones the assessment and treatment of risk scenarios due to stakeholder unavailability or other reasons, the risk is considered "deferred." This means the organization has chosen to delay action on the risk until a later time, rather than accepting, mitigating, or transferring it.
The best answer is C. deferred.
Here's why:
Postponed assessment and treatment: The organization has chosen to delay the assessment and treatment of the risks. This means that the risks have not been addressed in any way, and their potential impact remains unmitigated.
Risk remains unaddressed: By delaying the assessment and treatment, the organization has essentially chosen to not address the risks at this time. This does not mean that the risks have been eliminated or resolved; they simply remain unaddressed and unmitigated.
Deferred action: Deferring action implies that the organization intends to address the risks at a later date. This is different from accepting or transferring the risks, which would involve permanently relinquishing responsibility for them.
According to ISACA, when an organization decides to postpone the assessment and treatment of several risk scenarios because stakeholders are unavailable, the risk associated with these new entries is deferred.
: Communicating Information Security Risk Simply and Effectively, Part 2: A Three-Step Process for Top Management
Some reasoning is a bit scary and can be solved simply with a little study of the basics. Obviously there is no risk treatment action that is 'deferring it' and 'avoiding it' means that the treatment associated with the risk is no longer carried out. Doing nothing means that the organization is accepting the risk.
TBH this is the first time I heard 'deffer' as risk response strategy. If they postponed the risk response due to certain reasons they accepted the risk as it will be untreated until stakeholders are not available.
Defer is definitely not a concept in the 7th edition review manual.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
cyberbugnx
3 months, 3 weeks agoKennethlim79
1 year, 3 months agoeblue
1 year, 5 months agoCbtL
1 year, 11 months agojohn_boogieman
2 years, 1 month agoGRamos
2 years, 2 months ago[Removed]
2 years, 4 months agojohnwalters
2 years, 5 months agoKozy
2 years, 5 months agoCbtL
1 year, 11 months ago