Exam CISM topic 1 question 130 discussion

The correct answer is (D.) Quantification of threats through threat modeling is the correct answer as threat modeling identifies the threat and quantification lets you know the likelihood and impact which is needed for the decision-making process. Rationale: A. Results of a vulnerability assessment says what is vulnerable, but don't provide the context as to which to resolve. B. Estimated savings resulting from reduced risk exposure money is important, but this is too early in the stage for this. C. Average cost of risk events is incorrect cause money is important, but this is too early in the stage for this.

B. Estimated savings resulting from reduced risk exposure. While all the options listed (A, B, C, and D) are valuable for risk management decision-making, estimated savings resulting from reduced risk exposure provides a direct link between risk management efforts and potential financial benefits. This information helps organizations assess the return on investment (ROI) for implementing specific risk mitigation measures.

it is D. Yes, quantifying threats through threat modeling is considered a key part of the risk management decision-making process, as it allows organizations to identify, analyze, and prioritize potential security risks by assigning numerical values to the likelihood and impact of different threats, enabling informed decisions about mitigation strategies and resource allocation.

D. Quantification of threats through threat modeling Quantification of threats through threat modeling provides the most comprehensive information for supporting risk management decision-making. This approach not only identifies potential threats but also assesses their likelihood and potential impact in a structured manner. By understanding the specific threats to assets and evaluating their severity and probability, decision-makers can prioritize security measures more effectively. This allows for a strategic allocation of resources to address the most significant risks, ensuring that mitigation efforts are both efficient and effective.

Totally agree with oluchecpoint

Totally agree with dark_3k03r

A. Results of a vulnerability assessment

The results of a vulnerability assessment provide critical information regarding the potential weaknesses in an organization's systems and infrastructure. This information can be used to prioritize risk management efforts and allocate resources effectively. Vulnerability assessments can help identify potential security gaps and provide insights on how to address them, allowing organizations to make informed decisions about risk management. While the other options may provide useful information, they do not directly support risk management decision-making to the same extent as vulnerability assessment results.

A. Results of a vulnerability assessment would be the best information to support risk management decision making. Vulnerability assessments provide an inventory of vulnerabilities, as well as their likelihood of exploitation and potential impacts. This information can be used to determine which vulnerabilities should be addressed first and how to allocate resources to best mitigate risk.

D is the correct answer

A is my answer. I feel like understanding the results of a vulnerability assessment helps with risk management. Risks are in the form of vulnerabilities and threats.