CRISC - Risk Response and Reporting - Section 3.6
Design and select controls proportionate to the assessed risk and the cost of control.
Design and select controls that are proportionate to assessed risk, performing a cost-benefit analysis to confirm the cost of control does not exceed the expected loss it prevents. Recognise when compensating controls are appropriate as a temporary measure where the preferred control cannot be implemented.
Control designControl selectionCost-benefitCompensating controls
More in this domain
Back to all Risk Response and Reporting objectives, or the CRISC cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.