Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 102

What is needed to assess risk mitigation effectiveness in an organization?

Answer options

• A. analysis of key performance indicators
• B. compliance with security standards
• C. cost-effectiveness of control measures
• D. updated list of vulnerable systems

Correct answer: C

Explanation

The correct answer is C because measuring the cost-effectiveness of control measures is essential for determining if the investments in risk mitigation are yielding appropriate returns. Options A and B, while relevant, do not directly measure effectiveness, and option D focuses on identifying vulnerabilities rather than assessing the impact of mitigation efforts.