An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. Post remediation work, the assessment recorded the following:
1. There will be a $20.000 per day revenue loss for each day the system is delayed going into production.
2. The inherent risk was high.
3. The residual risk is now low.
4. The solution rollout to the contact center will be a staged deployment.
Which of the following risk-handling techniques will BEST meet the organization’s requirements post remediation?

A. Apply for a security exemption, as the risk is too high to accept.

B. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C. Accept the risk, as compensating controls have been implemented to manage the risk.

D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.








 

Suggested Answer: C

Community Answer: C



This question is in CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.