Which statement below BEST describes the primary purpose of risk
analysis?
A.
To quantify the impact of potential threats
B.
To create a clear cost-to-value ratio for implementing security controls
C.
To influence site selection decisions
D.
To influence the system design process
Explanation:
The correct answer is “To quantify the impact of potential threats”. The main purpose of
performing a risk analysis is to put a hard cost or value onto the loss of a business function.
The other answers are benefits of risk management but not its
main purpose.