A is correct.
Five steps of risk management:
1. Identify the Risk
2. Analyze the Risk
3. Evaluate or Rank the Risk
4. Treat the Risk
5. Monitor and Review the Risk
The initial step in the risk management process is to identify the risks that the business is exposed to in its operating environment.
https://www.360factors.com/blog/five-steps-of-risk-management-process/
A is correct. In the book it says:
"Risk management is composed of two primary elements: risk assessment and risk response.
Risk assessment or risk analysis is the examination of an environment for risks, evaluating each threat event as to its likelihood of occurring and the severity of the damage it would cause if it did occur, and assessing the cost of various countermeasures for each risk. This results in a sorted criticality prioritization of risks. From there, risk response takes over."
A. Identify the factors that have potential to impact business.
The first step in risk management is to identify the factors that have the potential to impact the business. This includes identifying the risks and threats that the organization may face, such as natural disasters, cyber-attacks, and human errors. This step is also known as risk identification; it's important as it helps to understand the organization's risk profile and where to focus the risk management efforts. By identifying the factors that have potential to impact the business, it allows the organization to prioritize the risks that need to be addressed and to allocate resources accordingly.
Option A is related to Business Impact Analysis (BIA), and this is part of Risk Assessment, which is the next stage.
I vote for B, because Risk Management is a program, and the first thing we have to do is to identify what we are going to do, who is involved, the strategy, etc.
The first step in risk management is to identify critical assets that require protection.
A is not correct because risk identification comes after critical assets have been identified and prioritised.
C could be the correct answer if identifying existing controls includes digital assets identification, but the answer was poorly worded.
It is A because risk management only tries to identify factors that can affect the company. Scope does not make sense because it is for DRP or BCP (where risk management can be included).
Community vote distribution
A (35%)
C (25%)
B (20%)