CISM Certified Information Security Manager – Question0273
The criticality and sensitivity of information assets is determined on the basis of: A. threat assessment. B. vulnerability assessment. C. resource dependency assessment. D. impact assessment.
Correct Answer: D
Explanation:
Explanation: The criticality and sensitivity of information assets depends on the impact of the probability of the threats exploiting vulnerabilities in the asset, and takes into consideration the value of the assets and the impairment of the value. Threat assessment lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value. Vulnerability assessment lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value. Resource dependency assessment provides process needs but not impact.
Please disable your adblocker or whitelist this site!