In a risk assessment, what does "Fragile" indicate?

Prepare for the Open FAIR Foundation Certification Exam with our comprehensive quiz. Study with flashcards and multiple-choice questions; each question is accompanied by hints and explanations to help you succeed and boost your confidence for the actual exam.

In the context of risk assessment, "Fragile" typically signifies that there is a reliance on a single control to protect against high-risk events. This indicates that while a control may exist, it is not robust enough to withstand significant threats or multiple failure scenarios. If that one control were to fail or be bypassed, the organization could face considerable risk or damage.

For example, relying solely on a single firewall to protect an entire network could be described as fragile. Although it serves a critical function, if that firewall is compromised, there would be no other layers of defense to mitigate the risk of an attack. This characteristic makes the risk landscape precarious, reinforcing why reliance on multiple controls or mitigations is essential in establishing a more resilient security posture.

In contrast, a strong control or a minimal chance of loss would imply a more stable risk environment, whereas a frequent threat presence indicates ongoing problems that need to be managed. Therefore, option C’s specification of dependence on a single control highlights a key vulnerability in risk management practices.
