CISM Certified Information Security Manager – Question0422 - CISM Certified Information Security Manager

Which of the following BEST describes the scope of risk analysis?

A. Key financial systems
B. Organizational activities
C. Key systems and infrastructure
D. Systems subject to regulatory compliance

Correct Answer: B

Explanation:

Explanation: Risk analysis should include all organizational activities. It should not be limited to subsets of systems or just systems and infrastructure.