CERTIFIED-IN-CYBERSECURITY Question #766: Real Exam Question with Answer & Explanation
The correct answer is A: The frequency of occurrence is low, and the expected impact value is high.
Question
With respect to risk management, which of the following options should be prioritized?
Options
- A. The frequency of occurrence is low, and the expected impact value is high
- B. The expected probability of occurrence is low, and the potential impact is low
- C. The frequency of occurrence is high, and the expected impact value is low
- D. The expected probability of occurrence is high, and the potential impact is low
Explanation
The highest priority should be given to risks estimated to have high impact and low probability, over risks with high probability and low impact value (ISC2 Study Guide, Chapter 1, Module 2). In qualitative risk analysis, the 'expected probability of occurrence' and the 'frequency of occurrence' refer to the same thing. The same goes for the concepts of expected impact value (NIST SP 800-30 Rev. 1 under Impact Value) and potential impact (NIST SP 800-60 Vol. 1 Rev. 1 under Potential Impact).