CISSP · Question #1114
Which of the following is a risk matrix?
The correct answer is C. A two-dimensional picture of risk for organizations, products, projects, or other items of interest.. A risk matrix is a visual tool that plots likelihood against consequence in a two-dimensional grid to help organizations prioritize and communicate risks.
Question
Which of the following is a risk matrix?
Options
- AA database of risks associated with a specific information system.
- BA table of risk management factors for management to consider.
- CA two-dimensional picture of risk for organizations, products, projects, or other items of interest.
- DA tool for determining risk management decisions for an activity or system.
How the community answered
(40 responses)- A3% (1)
- C93% (37)
- D5% (2)
Why each option
A risk matrix is a visual tool that plots likelihood against consequence in a two-dimensional grid to help organizations prioritize and communicate risks.
A database of risks associated with a specific information system describes a risk register or risk inventory, not a risk matrix, which is a visual plotting tool rather than a data repository.
A table of risk management factors for management to consider describes a risk register or risk reporting artifact, not a risk matrix, which specifically maps likelihood against impact in a two-dimensional grid.
A risk matrix is formally defined as a two-dimensional representation that typically places likelihood (probability) on one axis and consequence (impact/severity) on the other axis, creating a grid. This visual format allows organizations, project teams, or product managers to quickly assess and prioritize risks based on their combined likelihood and impact scores.
A tool for determining risk management decisions describes a decision support framework or risk assessment methodology broadly, whereas a risk matrix is specifically a two-dimensional visual representation used to categorize and prioritize risks, not to prescribe decisions.
Concept tested: Definition and purpose of a risk matrix
Source: https://www.nist.gov/system/files/documents/cyberframework/cybersecurity-framework-021214.pdf
Topics
Community Discussion
No community discussion yet for this question.