Certified Incident Handler (ECIH v3) — Question 44

Adam calculated the total cost of a control to protect 10,000 $ worth of data as 20,000 $. What do you advise Adam to do?

Answer options

• A. Apply the control
• B. Not to apply the control
• C. Use qualitative risk assessment
• D. Use semi-qualitative risk assessment instead

Correct answer: B

Explanation

The correct answer is B because the cost of the control exceeds the value of the data being protected, making it financially imprudent to apply the control. Options A, C, and D suggest actions that do not take into account the disproportionate cost compared to the value at risk.