CERTIFIED-IN-CYBERSECURITY · Question #534
The correct answer is C: Identify and prioritize risks.
Question
What is the purpose of risk assessment?
Options
- A. Analyze and reduce risk
- B. Analyze and prioritize risks
- C. Identify and prioritize risks
- D. Identify and eradicate risk
Explanation
The essential goal of cybersecurity risk assessment is to identify and prioritize risks (see the ISC2 Study Guide, Chapter 1, Module 2). This process involves identifying potential threats to an organization's systems and data, evaluating the potential impact and vulnerabilities, and prioritizing them according to their severity and the resources required to mitigate them. For example, a risk assessment may reveal that an aging server poses a significant risk of catastrophic system failure if it is not replaced soon. This risk would therefore be given a high priority and the necessary actions to mitigate it would be expedited. The remaining alternatives are incorrect because the goal of risk assessment is not to eliminate or necessarily reduce risks, but rather to identify and prioritize risks according to their potential impact on the organization. Moreover, it is impossible to completely eliminate all risks, and not all identified risks need to be, or can be, reduced. In fact, some risks may be accepted, transferred, or avoided, not just reduced.