CompTIA CySA+ (CS0-003) — Question 278

A Chief Information Security Officer (CISO) has decided the cost to protect an asset is greater than the cost of losing the asset. Which of the following risk management principles is the CISO following?

Answer options

Correct answer: A

Explanation

The correct answer is A, Accept: the CISO has determined that the cost of protecting the asset is not justified by the potential loss, so the risk is knowingly retained. The other options, Avoid, Transfer, and Mitigate, are strategies for eliminating, shifting, or reducing the risk rather than retaining it as an acceptable cost.