Your employer is pleased that you have become CISSP certifiedand would now like you to evaluate your company’s security policy.Your boss believes that encryption should be used for all networktraffic and that a $50,000 encrypted database should replace thecurrent customer database. Based on what you know about riskmanagement, upon what should your decision to use encryption andpurchase the new database be based? Choose the most correctanswer.
A. If an analysis shows that there is potential risk, the costof protecting the network and database should be weighed againstthe cost of the deterrent.
B. If an analysis shows that the company’s network is trulyvulnerable, systems should be implemented to protect the networkdata and the customer database.
C. If the network is vulnerable, systems should be implementedto protect the network and the database, regardless of theprice.
D. Because it is only a customer database and the company is notwell known, the probability of attack is not as great; therefore,the risk should be accepted or transferred through the use ofinsurance.