Weekly CISSP Exam Questions
John, a CISO, notices that employees regularly access company data from public WiFi. What's the most suitable risk response?
A. Avoidance
B. Transference
C. Mitigation
D. Acceptance
Correct Answer: C
Explanation:
Avoidance: This would mean completely forbidding employees from accessing company data over public WiFi. While this would eliminate the specific risk, it may not be practical if employees need to work remotely or while traveling.
Transference: This generally involves shifting the risk to a third party, usually through insurance or outsourcing. In the context of employees using public WiFi, there's no effective way to transfer the risk.
Mitigation: This involves taking steps to reduce the impact or likelihood of the risk. For example, John could implement a robust Virtual Private Network (VPN) that employees must use when accessing company data over public WiFi. This would encrypt the data traffic, making it much more difficult for attackers to intercept sensitive information. Other mitigation steps could include multi-factor authentication, security awareness training about the risks of public WiFi, and endpoint security solutions.
Acceptance: This would mean acknowledging the risk but deciding not to take any preventative actions. Given the sensitivity of company data and the increasing cybersecurity threats, this is generally not advisable unless the risk is considered to be very low, which is unlikely in this case.

Podcasts
Check out my weekly podcasts that delve deep into the relevant topics for each of the CISSP domains. In addition, I will go over specific questions and how they can be interpreted and answered.

CISSP Cyber Training Academy
Tired of not knowing how to study for the CISSP Exam?
Check out the CISSP Cyber Training Academy to help you on your journey!

CISSP Cyber Training - YouTube
Check out my video collection on YouTube discussing all the details needed to help you pass the CISSP exam.