[CCCure CISSP] Unacceptable risk confusion

[CCCure CISSP] Unacceptable risk confusion

Uday Kiran
Hi, I have some ambiguity on the below question. I had selected B as an answer; however, the answer is A. I don't understand how it can be; can anyone please explain?
Option 2 is ok.

Unacceptable risk is which of the following?

1. Attacker’s cost < gain

2. Loss anticipated > threshold

3. Attacker’s cost > gain

4. Loss anticipated < threshold

a. 1 and 2

b. 2 and 3

c. 1 and 4

d. 3 and 4

Subject Area: Risk management. Author 3.6. Section 306.6.

Choice (a) is the correct answer. Unacceptable risk is a situation where an attacker’s cost is less than gain and where loss anticipated by an organization is greater than its threshold level. Choice (d) results in accepting the risk. The organization’s goals should be to increase attacker’s cost and to reduce an organization’s loss.


--
Regards,
Uday Kiran

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

Re: [CCCure CISSP] Unacceptable risk confusion

Daniele Luzi
In my opinion you have to exclude the 2 conditions in which you would accept the risk: normally an attacker's cost higher than the possible gain and an organization loss under a certain threshold. So in options 1 and 2 you cannot accept the risk (=unacceptable).

Regards
Daniele

Sent from iPhone

On 28 Nov 2013, at 02:04, Uday Kiran <[hidden email]> wrote:
