ExamGecko
Search Search Login
Home Home / Isaca / IT Risk Fundamentals
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is used to estimate the frequency and magnitude of a given risk scenario?
An enterprise has moved its data center from a flood-prone area where it had experienced significant service disruptions to one that is not a flood zone. Which risk response strategy has the organization selected?
Which of the following is the PRIMARY concern with vulnerability assessments?
Which of the following risk analysis methods gathers different types of potential risk ideas to be validated and ranked by an individual or small groups during interviews?
Which of the following statements on an organization's cybersecurity profile is BEST suited for presentation to management?
Which of the following is MOST likely to promote ethical and open communication of risk management activities at the executive level?
Which of the following is the MAIN objective of governance?
Which of the following would be considered a cyber-risk?
Which of the following is of GREATEST concern when aggregating risk information in management reports?
The MOST important reason to monitor implemented controls is to ensure the controls:

Question 52 - IT Risk Fundamentals discussion

Report
Export

An enterprise has performed a risk assessment for the risk associated with the theft of sales team laptops while in transit. The results of the assessment concluded that the cost of mitigating the risk is higher than the potential loss. Which of the following is the BEST risk response strategy?

A.

Limit travel with laptops.

Answers
A.

Limit travel with laptops.

B.

Accept the inherent risk.

Answers
B.

Accept the inherent risk.

C.

Encrypt the sales team laptops.

Answers
C.

Encrypt the sales team laptops.

Suggested answer: B

Explanation:

The enterprise has concluded that the cost of mitigating the risk of theft of sales team laptops while in transit is higher than the potential loss, leading to the decision to accept the risk.

Risk Response Strategies Overview:

Risk Acceptance: Choosing to accept the risk and not take any action to mitigate it.

Risk Avoidance: Taking action to completely avoid the risk.

Risk Mitigation: Implementing measures to reduce the likelihood or impact of the risk.

Risk Transfer: Shifting the risk to another party (e.g., through insurance).

Explanation of Risk Acceptance:

Risk acceptance is appropriate when the cost of mitigating the risk is higher than the potential loss.

In this case, the cost-benefit analysis shows that it is more practical to accept the risk rather than invest in expensive mitigation measures.

ISA 315 (Revised 2019), Anlage 6 provides guidance on assessing risks and determining appropriate responses based on the cost and impact of potential risks.

Show Answer
asked 18/11/2024
Vladimir Kornfeld
41 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms