Which of the following is most relevant to determining the maximum effective cost of access control?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The cost of access control must be commensurate with the value of the information that is being protected.
Source: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
The maximum effective cost of access control is the highest amount that an organization can afford to spend on access control while still achieving an acceptable level of security. To determine this cost, a number of factors must be considered.
Option A, the value of information that is protected, is highly relevant in determining the maximum effective cost of access control. This is because the value of the information determines how much the organization is willing to spend to protect it. For example, highly sensitive information such as financial data or intellectual property may require a higher level of access control and thus a higher budget.
Option B, management's perceptions regarding data importance, can also impact the maximum effective cost of access control. If management perceives certain data to be highly important, they may be more willing to allocate additional resources to protect it.
Option C, budget planning related to base versus incremental spending, is somewhat relevant but not as directly related to determining the maximum effective cost of access control. Base spending refers to ongoing costs that are required to maintain access control systems, while incremental spending refers to additional costs incurred to improve security beyond the baseline. While budget planning is an important factor to consider, it is not as relevant to determining the maximum effective cost as the value of the information being protected.
Option D, the cost to replace lost data, is not directly relevant to determining the maximum effective cost of access control. While the cost to replace lost data is an important consideration, it is not as directly related to access control as the value of the data being protected.
In summary, Option A, the value of information that is protected, is the most relevant factor in determining the maximum effective cost of access control. However, other factors such as management's perceptions and budget planning should also be considered.