PrepAway - Latest Free Exam Questions & Answers

Which of the following should be considered FIRST when implementing a risk management program?

A. An understanding of the organization's threat, vulnerability and risk profile

B. An understanding of the risk exposures and the potential consequences of compromise

C. A determination of risk management priorities based on potential consequences

D. A risk mitigation strategy sufficient to keep risk consequences at an acceptable level

Explanation:

Implementing risk management, as one of the outcomes of effective information security governance, requires a collective understanding of the organization's threat, vulnerability and risk profile as a first step. Based on this, the organization's risk exposures and the potential consequences of compromise can be determined. Risk management priorities based on those potential consequences can then be developed. This in turn provides the basis for formulating risk mitigation strategies sufficient to keep the consequences of risk at an acceptable level.
