A contingency plan should address?

A.
Potential risks

B.
Residual risks

C.
Identified risks

D.
All of the above

Explanation:
This is true, as stated in CISSP documentation, you should address any possible “Residual Risk” at
your contingency plan to minimize business impact when you are in a downtime situation. The
identified Risks and the Potential Risks are not identified there, they are identified earlier.