CRISC Certified in Risk and Information Systems Control – Question145
Which of the following is an output of risk assessment process? A. Identification of risk B. Identification of appropriate controls C. Mitigated risk D. Enterprise left with residual risk
Correct Answer: B
Explanation:
Explanation:
The output of the risk assessment process is identification of appropriate controls for reducing or eliminating risk during the risk mitigation process. To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system. Once risk factors have been identified, existing or new controls are designed and measured for their strength and likelihood of effectiveness. Controls are preventive, detective or corrective; manual or programmed; and formal or ad hoc.
Incorrect Answers:
A: Risk identification acts as input of the risk assessment process.
C: This is an output of risk mitigation process, that is, after applying several risk responses.
D: Residual risk is the latter output after appropriate control.
Please disable your adblocker or whitelist this site!