Risk scenario deals with Business impact but not with cost, cost comes during risk assessment. Vulnerability is however key component of Risk scenario development so A has my vote.
I think this one is testing on threat scenario versus risk scenario. In the 7th edition review manual, the distinction between a threat scenario and a risk scenario was the addition of frequency and loss magnitude (likelihood and impact). 7th edition review manual, pg 92 and 109. The loss magnitude indicates financial impact.
Sorry, 'A', reason:
Identified vulnerabilities refer to specific weaknesses or gaps in an organization's systems or processes that can be exploited by potential threats, such as cyber attacks, natural disasters, or financial fraud. By identifying these vulnerabilities and analyzing the potential impact and likelihood of different scenarios, organizations can develop effective risk management strategies to mitigate potential risks.
The least bad option is B. Vulnerabilities and historical risk factors are important, but those known to have an impact on the business are even more so.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mynk29
3 months, 3 weeks agoCbtL
4 months, 3 weeks agoCbtL
4 months, 3 weeks agoKoulyo
5 months, 1 week agoKoulyo
5 months, 1 week agojohn_boogieman
6 months, 2 weeks agojohn_boogieman
6 months, 2 weeks agojohn_boogieman
7 months, 2 weeks agoGRamos
8 months, 2 weeks agoSuchib
8 months, 2 weeks agoblokey
9 months, 2 weeks ago