(ISC)2

CGRC · Question #714

CGRC Question #714: Real Exam Question with Answer & Explanation

The correct answer is D: Mitigating risk. Organization-wide risk management includes framing, assessing, and responding to risk, with mitigating risk being a specific strategy within the broader 'responding to risk' process.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Managing information security risk from an organization-wide perspective involves all of the following processes except one. Choose the exception.

Options

  • A. Responding to risk
  • B. Framing risk
  • C. Assessing risk
  • D. Mitigating risk

Explanation

Organization-wide risk management includes framing, assessing, and responding to risk, with mitigating risk being a specific strategy within the broader 'responding to risk' process.

Common mistakes.

  • A. Responding to risk is a core organizational-level process in risk management, encompassing mitigation, transfer, acceptance, and avoidance.
  • B. Framing risk is a foundational organizational-level process that establishes the context for risk management.
  • C. Assessing risk is a core organizational-level process involving identifying and analyzing risks.

Concept tested. Organizational risk management processes

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf

Topics

#Risk Management Process#Framing Risk#Assessing Risk#Responding to Risk
