Which statement best explains the challenges of implementing effective IT security controls?

  1. Security controls can be 100% effective with proper installation

  2. Security controls often have gaps that must be communicated to stakeholders

  3. IT security measures are sufficient once established

  4. Modern threats can be fully mitigated with technology

The correct answer is: Security controls often have gaps that must be communicated to stakeholders

The correct statement highlights a critical aspect of IT security control implementation: the presence of gaps that can exist in security measures and the importance of communicating these gaps to stakeholders. In the realm of IT security, it is crucial to recognize that no security control can achieve absolute effectiveness due to the evolving nature of threats, changes in the environment, and the complexities associated with technology and human behavior.

The acknowledgment of gaps invites a proactive approach to risk management. By communicating these potential weaknesses to stakeholders, organizations can ensure that they understand the risks involved and are engaged in the decision-making process regarding mitigation strategies. This transparency fosters a culture of security awareness and encourages collaborative efforts to bolster defenses where vulnerabilities exist.

In contrast, the other options imply a level of infallibility or completeness in security measures that does not reflect the reality of the security landscape. For instance, the notion that security controls can be 100% effective or that IT security measures are sufficient once established overlooks the need for continuous assessment and adaptation to emerging threats. Similarly, claiming that modern threats can be fully mitigated solely through technology fails to recognize the multifaceted nature of security, which also includes human factors and organizational policies.