Certified Chief Information Security Officer (CCISO) — Question 57

The exposure factor of a threat to your organization is defined by?

Answer options

• A. Annual loss expectancy minus current cost of controls
• B. Percentage of loss experienced due to a realized threat event
• C. Asset value times exposure factor
• D. Annual rate of occurrence

Correct answer: B

Explanation

The correct answer, B, defines the exposure factor as the percentage of loss incurred from a threat event that has occurred. Options A and C are related to financial calculations but do not specifically define exposure factor. Option D refers to the frequency of threat occurrence, which is not the same as the exposure factor.