Systems Security Certified Practitioner – SSCP – Question0565

Which of the following is NOT a part of a risk analysis?

A. Identify risks
B. Quantify the impact of potential threats
C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasure
D. Choose the best countermeasure

Correct Answer: D

Explanation:

Choosing the best countermeasure is not a part of risk analysis. A risk analysis has three main goals: identify risks, quantify the impact of potential threats, and provide an economic balance between the impact of the risk and the cost of the associated countermeasure.

Sources: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 3: Security Management Practices (page 73). HARRIS, Shon, Mike Meyers’ CISSP(R) Certification Passport, 2002, McGraw-Hill, page 12.