nerdexam
(ISC)2

CISSP-ISSEP · Question #175

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

The correct answer is A. Risk identification D. Risk control. Risk management is fundamentally a two-part discipline: you must first identify what risks exist (A), then control them through mitigation, transfer, acceptance, or avoidance (D). These two tasks form the core loop of any risk management framework (NIST, ISO 31000, PMBOK, etc.).

Risk Management

Question

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

Options

  • ARisk identification
  • BBuilding Risk free systems
  • CAssuring the integrity of organizational data
  • DRisk control

How the community answered

(42 responses)
  • A
    90% (38)
  • B
    7% (3)
  • C
    2% (1)

Explanation

Risk management is fundamentally a two-part discipline: you must first identify what risks exist (A), then control them through mitigation, transfer, acceptance, or avoidance (D). These two tasks form the core loop of any risk management framework (NIST, ISO 31000, PMBOK, etc.).

Why B is wrong: No system can be made entirely risk-free. Risk management aims to reduce risk to an acceptable level, not eliminate it entirely - claiming otherwise is a false premise.

Why C is wrong: Data integrity assurance falls under information security or data governance, not risk management itself. While risk management may address data integrity risks, assuring integrity is not one of its major tasks.

Memory tip: Think "ID and Control" - you can't manage what you haven't Identified, and identification is useless without Control. The two always pair together in any risk framework.

Topics

#Risk Management Process#Risk Identification#Risk Control#Security Principles

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice