CISM Certified Information Security Manager – Question0379

Deciding the level of protection a particular asset should be given in BEST determined by:

A.
a threat assessment.
B. a vulnerability assessment.
C. a risk analysis.
D. the corporate risk appetite.

Correct Answer: C