Which of the following is the MOST important to consider?

An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?
A. KPI
B. KRI
C. GRC
D. BIA


2 thoughts on “which of the following is the MOST important to consider?”

  1. D. Business Impact Analysis

    From CompTIA’s official ebook:
    – BIA (business impact analysis) A document that identifies present organizational risks and determines the impact to ongoing, business critical operations if such risks actualize.
    – GRC (governance, risk management, and compliance) A solution for monitoring these three security concepts as they are implemented in an enterprise.
