Risk assessment helps in determining the extent of potential threats and risks associated with an IT system throughout its SDLC. Which of the following steps covered by the risk assessment methodology?

Each correct answer represents a complete solution. Choose three.

A.
Vulnerability Identification

B.
Cost Analysis

C.
Threat Identification

D.
System Characterization

Explanation:
Risk assessment is the first process of risk management. It helps in determining the extent of potential threats and risks associated with an IT system throughout its SDLC.

The risk assessment methodology covers nine steps which are as follows:
Step 1 – System Characterization
Step 2 – Threat Identification
Step 3 – Vulnerability Identification
Step 4 – Control Analysis
Step 5 – Likelihood Determination
Step 6 – Impact Analysis
Step 7 – Risk Determination
Step 8 – Control Recommendations
Step 9 – Results Documentation