Exam CISSP topic 1 question 144 discussion

The essential elements of information in a risk assessment can be described in three sections of the risk assessment report (or whatever vehicle is chosen by organizations to convey the results of the assessment): (i) an executive summary; (ii) the main body containing detailed risk assessment results; and (iii) supporting appendices https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

he essential elements of a Risk Assessment Report (RAR) typically include: A. Executive summary: This section provides a high-level overview of the risk assessment, including key findings, identified risks, and recommended actions. It is designed to provide a concise summary for executive stakeholders. B. Body of the report: This section contains the detailed analysis and findings of the risk assessment. It includes information such as the scope of the assessment, methodology used, risk identification and analysis, control evaluation, and risk treatment recommendations. It provides a comprehensive view of the risks and their potential impact on the organization. C. Appendices: The appendices contain supporting documentation and additional details that are referenced in the body of the report. This may include technical assessments, data analysis, risk matrices, mitigation plans, or other relevant information. The appendices provide supplemental information to support the findings and recommendations presented in the report.

Answer is correct https://www.sciencedirect.com/topics/computer-science/risk-assessment-report