CompTIA CASP+ (CAS-003) — Question 88
In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against.
Which of the following strategies should the engineer recommended be approved FIRST?
Answer options
- A. Avoid
- B. Mitigate
- C. Transfer
- D. Accept
Correct answer: B
Explanation
The best strategy in this scenario is to mitigate the minor vulnerability introduced by the legacy ICS equipment, as it is the most appropriate response to a risk that does not significantly threaten the enterprise. Avoiding the risk entirely may not be feasible or necessary, while transferring or accepting the risk would not address the vulnerability effectively.