SSCP Exam: Handling Risks with Cost Considerations

Question

How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk?

Answers

Explanations

A. Reject the risk

B. Perform another risk analysis

C. Accept the risk

D. Reduce the risk

C.

Accepting the risk means the company understands the level of risk it is faced with.

The following answers are incorrect: Reject the risk is incorrect, as it means ignoring the risk, which is dangerous.

Perform another risk analysis is also incorrect as the existing risk analysis has already shown the results.

Reduce the risk is incorrect, as it is applicable after implementing the countermeasures.

Reference: Shon Harris AIO v3, Chapter 3: Security Management Practices, Page 39

When the cost of the countermeasure outweighs the cost of the risk, organizations must determine the best course of action to take in handling the risk. There are several options available to organizations when dealing with a risk that is deemed to be too costly to mitigate:

A. Reject the risk: This option is suitable when the potential cost of the risk is relatively low, and the cost of implementing a countermeasure is too high. In this case, the organization can choose to accept the risk and allocate its resources to other priorities.

B. Perform another risk analysis: Organizations may conduct another risk analysis to ensure that they have fully considered all available options and to ensure that the decision they make is based on accurate information. This can help the organization identify any new risks that have emerged since the previous analysis and determine whether the cost of the countermeasure outweighs the cost of the risk.

C. Accept the risk: This option is suitable when the potential cost of the risk is low or moderate, and the cost of implementing a countermeasure is too high. Organizations that accept risks must ensure that they have taken reasonable steps to mitigate the risks to the extent possible, given the resources and constraints they face.

D. Reduce the risk: This option is suitable when the potential cost of the risk is high, and the cost of implementing a countermeasure is relatively low. In this case, the organization may choose to implement the countermeasure to reduce the risk to an acceptable level.

In summary, when the cost of the countermeasure outweighs the cost of the risk, organizations must consider their options carefully. Rejecting the risk, performing another risk analysis, accepting the risk, or reducing the risk are all potential options that organizations may consider based on their resources, priorities, and risk tolerance.