Q: 19
What risk treatment option has Company A Implemented If it has decided not to collect information
from users so that It is not necessary to implement information security controls?
Options
Discussion
A , had something like this in a mock. If you just stop collecting the data entirely, you're avoiding the risk itself rather than trying to control or reduce it. Pretty straightforward, but open to other takes.
Option C makes more sense to me, since modifying controls seems like risk modification. Pretty sure that's correct, but could see why A is tempting since the question is worded oddly.
Yeah, makes sense to me. A
Be respectful. No spam.
