An IT security manager is asked to provide the total risk to the business. Which of the following
calculations would he security manager choose to determine total risk?

A.
(Threats X vulnerability X asset value) x controls gap

B.
(Threats X vulnerability X profit) x asset value

C.
Threats X vulnerability X control gap

D.
Threats X vulnerability X asset value

Explanation:
Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This
is used to calculate a risk.