What term describes a strategic assessment of what level of residual risk is tolerable for an organization?


Multiple Choice

What term describes a strategic assessment of what level of residual risk is tolerable for an organization?

Explanation:
Residual risk and how much of it an organization is willing to accept is described by risk tolerance. After security measures are in place, some risk remains, and risk tolerance sets the concrete threshold for what level of that residual risk is acceptable. It guides decisions to accept the remaining risk, mitigate further, transfer, or avoid it. If the residual risk stays within the tolerance, operations can proceed; if it would exceed the tolerance, additional controls or risk treatment are needed. The other terms don’t capture this decision boundary: a secure baseline is a starting set of controls, CVSS scores vulnerability severity rather than organizational risk thresholds, and a vulnerability feed is just a stream of vulnerability data, not a tolerance level.

