Question

Which of the following scenarios BEST describes a risk reduction technique?

A. A security control objective cannot be met through a technical change, so the company purchases
insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company
implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company changes as
method of operation
D. A security control objective cannot be met through a technical change, so the Chief Information
Officer (CIO) decides to sign off on the risk.

Answer 1

The best risk reduction technique is described in Option B, where a company chooses to train users on more secure methods of operation to reduce risks associated with security breaches.

Step-by-step explanation:

The scenario that BEST describes a risk reduction technique is: B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation. This scenario illustrates how a company can actively reduce risk by changing behavior and procedures to enhance security. It aligns with practices like insurance companies offering lower rates for businesses that install top-level security and fire sprinkler systems. Training users in more secure methods is a proactive step towards reducing the likelihood of security breaches and can be considered an effective way of managing risk.