CRISC Certified in Risk and Information Systems Control – Question 277
Suppose you are working in Company Inc. and you are using risk scenarios to estimate the likelihood and impact of the significant risks to this organization. Which of the following assessments are you performing?
A. IT security assessment
B. IT audit
C. Threat and vulnerability assessment
D. Risk assessment
Correct Answer: C
Explanation:
Threat and vulnerability assessment considers the full spectrum of risks. Using risk scenarios, it identifies the likelihood of occurrence of risks and the impact of the significant risks on the organization. For example, natural threats can be evaluated by using historical data concerning the frequency of occurrence of given natural disasters such as tornadoes, hurricanes, floods, fire, etc.
Incorrect Answers:
A, B: These use either a technical evaluation tool or an assessment methodology to evaluate risk, but do not use risk scenarios.
D: Risk assessment uses quantitative and qualitative analysis approaches to evaluate each significant risk identified.