CISM Certified Information Security Manager – Question0422

Which of the following BEST describes the scope of risk analysis?

A.
Key financial systems
B. Organizational activities
C. Key systems and infrastructure
D. Systems subject to regulatory compliance

Correct Answer: B

Explanation:

Explanation: Risk analysis should include all organizational activities. It should not be limited to subsets of systems or just systems and infrastructure.