The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?
A. The company lacks a risk management process
B. The company does not believe the security vulnerabilities to be real
C. The company has a high risk tolerance
D. The company lacks the tools to perform a vulnerability assessment
Risk Tolerance in Decision-Making: Organizations with high risk tolerance may accept certain vulnerabilities due to business priorities, such as meeting market deadlines or competitive pressures.
Key Considerations:
This decision reflects a calculated trade-off between security and business objectives.
Risk acceptance is documented in a formal risk management process to ensure accountability.
Why Not Other Options:
Lack of risk management process (A): Would indicate an unstructured approach, which is less likely in this context.
Believing vulnerabilities are not real (B): Unlikely for high-risk vulnerabilities.
Lacking tools for assessment (D): Does not explain why the release proceeds despite known vulnerabilities.
EC-Council CISO Framework: Decision-making must align with the organization's risk appetite, a principle central to the EC-Council CISO program.