Question

Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?

A. Documentation of lessons learned
B. Quantitative risk assessment
C. Qualitative assessment of risk
D. Business impact scoring
E. Threat modeling

Answer 1

The correct answer to the following question is option B). Quantitative risk assessment .

Step-by-step explanation:

QRA ( Quantitative Risk assessment) is the objective risk assessment tool that is used to project threat impacts.

Quantitative Risk Assessment provides the estimate of magnitude of the consequences for each of the identified budget threats.

It set out to measure, define, provide, and predict the confidence level of the likelihood and the occurrence of the threat impacts.