Which of the following BEST describes the scope of risk analysis?

A. Key financial systems

B. Organizational activities

C. Key systems and infrastructure

D. Systems subject to regulatory compliance

Explanation:

Risk analysis should include all organizational activities. It should not be limited to subsets of systems or just systems and infrastructure.