The PRIMARY purpose of using risk analysis within a security program is to:
A.
justify the security expenditure.
B.
help businesses prioritize the assets to be protected.
C.
inform executive management of residual risk value.
D.
assess exposures and plan remediation.
Explanation:
Risk analysis explores the degree to which an asset needs protecting so this can be managed
effectively. Risk analysis indirectly supports the security expenditure, but justifying the security
expenditure is not its primary purpose. Helping businesses prioritize the assets to be protected is
an indirect benefit of risk analysis, but not its primary purpose. Informing executive management of
residual risk value is not directly relevant.