Before taking any specific actions such as transferring risk (Option A), recommending avoidance of the business activity (Option B), or implementing controls (Option D), it's crucial to conduct a thorough assessment of the gap between the current inherent risk and the acceptable risk level. This involves evaluating the specific risks associated with the activity, understanding the potential impact on the organization, and determining the feasibility and effectiveness of various risk management strategies. Assessing the gap provides a foundation for making informed decisions and selecting the most appropriate risk mitigation measures.
C. assess the gap between the current and acceptable level of risk.
Assessing the gap between the current level of risk and the acceptable level of risk is the initial step in understanding the nature and magnitude of the risk exposure. This assessment will help the information security manager make informed decisions about how to proceed.
Once the gap has been assessed, the information security manager can then consider various risk management options, such as implementing controls to mitigate the risk to an acceptable level (option D), transferring the risk to a third party (option A), or recommending that management avoid the business activity (option B). However, understanding the gap is essential before determining which risk management strategy is most appropriate for the specific situation.
My analysis:
A. transfer risk to a third party to avoid cost of impact. ==> need to perform an assessment of whether this treatment will reduce the risk to an acceptable level
C. assess the gap between current and acceptable level of risk. ==> not, because we already know that it is above risk appetite, so gap analysis has already been done
D. implement controls to mitigate the risk to an acceptable level. ==> security manager cannot implement controls, but the business user
B. recommend that management avoid the business activity. ==> the remaining and best answer
Viperhunter (3 months, 3 weeks ago)
oluchecpoint (6 months, 2 weeks ago)
karanvp (8 months, 4 weeks ago)
richck102 (9 months, 3 weeks ago)
romero318 (10 months ago)
CISM_newbie (11 months, 1 week ago)
vavofa5697 (1 year, 1 month ago)
[Removed] (8 months, 3 weeks ago)
d3vnu77 (1 year, 1 month ago)
MSKid (1 year, 5 months ago)