What is a control gap? a. A firewall rule issue b. The difference between total risk and mitigated risk c. An undocumented policy d. A lack of encryption

A control gap refers to a deficiency or absence in the controls in place to manage risk effectively. Among the options provided, the best answer is: **b. The difference between total risk and mitigated risk.** This choice reflects the idea that a control gap represents the portion of risk that remains unaddressed after mitigation efforts have been applied.