nerdexam
(ISC)2

CISSP · Question #894

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

The correct answer is D. Risk assessment. Risk assessment is the process that entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities. Risk assessment is a key component of risk management, which is the process of identifying, analy

Submitted by omar99· Mar 5, 2026Security and Risk Management

Question

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Options

  • ASecurity governance
  • BRisk management
  • CSecurity portfolio management
  • DRisk assessment

How the community answered

(30 responses)
  • B
    7% (2)
  • C
    3% (1)
  • D
    90% (27)

Explanation

Risk assessment is the process that entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities. Risk assessment is a key component of risk management, which is the process of identifying, analyzing, and treating the risks that affect the security and objectives of an organization. Risk assessment involves the following steps: identifying the assets and their value, identifying the threats and their sources, identifying the vulnerabilities and their causes, identifying the existing controls and their effectiveness, identifying the impact and likelihood of the risk events, and identifying the risk owners and their roles. Risk assessment helps to determine the level of risk and the appropriate risk response for each asset and process. Security governance, risk management, and security portfolio management are not the same as risk assessment, although they are related or complementary concepts. Security governance is the framework that defines the roles, responsibilities, policies, standards, and procedures for security management within an organization. Security governance provides the direction, oversight, and accountability for security activities and decisions. Risk management is the process of identifying, analyzing, and treating the risks that affect the security and objectives of an organization. Risk management includes risk assessment, risk mitigation, risk monitoring, and risk communication. Security portfolio management is the process of managing the security investments and initiatives within an organization. Security portfolio management involves aligning the security projects and programs with the organizational strategy, prioritizing the security resources and budget, and measuring the security performance and value.

Topics

#Risk assessment#Data ownership#Asset identification#Business processes

Community Discussion

No community discussion yet for this question.

Full CISSP Practice