Question

Match each statement below with the appropriate term that best describes it:

i. After considering implemented controls, the desired level of the risk of a major cyberattack is low
ii. Before considering controls, the level of risk of a major cyberattack is high
iii. After considering implementing controls, the level of the risk of a major cyberattack is medium
a. (i) Internal control; (ii) inherent risk; (iii) target residual risk
b. (i) Target residual risk; (ii) internal control; (iii) inherent risk
c. (i) Target residual risk; (ii) actual residual risk; (iii) assessed risk
d. (i) Target residual risk; (ii) inherent risk; (iii) actual residual risk

Answer 1

The correct matches for the risk management statements are: (i) Target residual risk, (ii) inherent risk, and (iii) actual residual risk.

Step-by-step explanation:

The student's question pertains to risk management in the context of cybersecurity. Each statement provided needs to be matched with the correct risk management term. The terms to match are:

1. After considering implemented controls, the desired level of the risk of a major cyberattack is low.
2. Before considering controls, the level of risk of a major cyberattack is high.
3. After considering implementing controls, the level of the risk of a major cyberattack is medium.

The correct answer is:

• (i) Target residual risk: This term refers to the level of risk that remains after controls have been implemented and it aligns with the desired or acceptable level of risk.
• (ii) Inherent risk: This refers to the level of risk that exists before any controls or mitigations are applied.
• (iii) Actual residual risk: This is the level of risk that actually exists after controls have been implemented, which may differ from the target residual risk.

Therefore, the correct match for the statements is option d. (i) Target residual risk; (ii) inherent risk; (iii) actual residual risk.