A risk assessment provides a comprehensive view of potential threats, vulnerabilities, and the associated impacts on the business. It helps prioritize risks and justifies the need for a technical solution by outlining the potential consequences of inaction.
While the other options (BIA, vulnerability scan results, and penetration test results) provide valuable information, they are more focused on specific aspects rather than the overall risk profile, which is crucial for a business case.
I would go with A here. The senior management would not require to see the vulnerability results, they would be more interested in how the business might get impacted if the vulnerabilities are exploited and what is the loss going to be. Vulnerability scan report on a business case is going to play light, however if we can show them how these vulnerabilities may affect the business, that will be playing hard.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
koala_lay
2 months, 3 weeks agooluchecpoint
6 months, 3 weeks agoshootnot
7 months agoyottabyte
7 months, 3 weeks ago3czz
8 months, 4 weeks ago