The total cost of security controls should:

The total cost of security controls must always be less than the value of the protected asset, ensuring cost-effectiveness in resource allocation.

Economic Principle of Security:

Spending more to protect an asset than its value undermines the financial justification for security.

Cost-Benefit Consideration:

Security investments should provide value greater than their cost by reducing potential losses and improving operational resilience.

Relevance of Other Options:

Equal to Value: Break-even point but not cost-efficient.

Greater than Value: Leads to inefficiencies.

Should Not Matter: Contradicts sound financial practices.

Economic Feasibility of Security Measures: Discusses balancing security costs with asset value.

Risk-Driven Decision Making: Guides the alignment of resource allocation with organizational goals and asset value.

EC-Council CISO References: