Which statement below BEST describes the primary purpose of risk analysis?
A.
To quantify the impact of potential threats
B.
To create a clear cost-to-value ratio for implementing security controls
C.
To influence site selection decisions
D.
To influence the system design process
Explanation:
The correct answer is “To quantify the impact of potential threats”. The main purpose of performing
a risk analysis is to put a hard cost or value onto the loss of a business function. The other answers
are benefits of risk management but not its main purpose.