Certified Chief Information Security Officer (CCISO) — Question 156
An organization's firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase.
What does this selection indicate?
Answer options
- A. A high threat environment
- B. A low vulnerability environment
- C. A high risk tolerance environment
- D. A low risk tolerance environment
Correct answer: C
Explanation
Choosing a less capable and less expensive firewall despite concerns from the security officer indicates a high risk tolerance environment. This means the organization is willing to accept a higher level of risk for the sake of cost savings. In contrast, a low risk tolerance environment would prioritize security over cost, which is not the case here.