CISM - AIO 2nd - The risk analyst studies different event scenarios and determines the impact of each. This may be expressed in quantitative terms (dollars or other currency) or qualitative terms (high/medium/low or a numeric scale of 1 to 5 or of 1 to 10).
Sounds like B to me
Information security risk analysis helps organizations identify and prioritize potential risks to their information assets. By assessing the likelihood and impact of various risks, organizations can make informed and cost-effective decisions about where to allocate resources for protection. This involves determining which assets are most critical and require heightened security measures based on the level of risk they pose.
While the other options (ensuring appropriate access control, applying appropriate funding to security processes, and implementing appropriate security technologies) are also important considerations, the primary benefit of risk analysis is in facilitating cost-effective decisions related to asset protection.
CRISC indicated that when new compliance regulation might affect the business, it should first analyse the existing control enough to meet the regulation of new compliance rule. Clearly the answer is D
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
gosacar
Highly Voted 2 months, 1 week agoMSKid
Highly Voted 1 month, 3 weeks agoZiggybooboo
2 years, 1 month agoViperhunter
Most Recent 1 month, 3 weeks agogreeklover84
2 months ago2c24cf3
3 months, 2 weeks agoGambleJai
10 months, 2 weeks agoAli29
1 year, 1 month agopuggalhimanya
1 year, 3 months agopeelu
1 year, 5 months agopeelu
1 year, 5 months agorichck102
1 year, 6 months agoanshuti
1 year, 9 months agoPrasannacpw
1 year, 11 months ago