Which of the following steps should be performed FIRST in the risk assessment process?

Which of the following steps should be performed FIRST in the risk assessment process?

Which of the following steps should be performed FIRST in the risk assessment process?

A.
Staff interviews

B.
Threat identification

C.
Asset identification and valuation

D.
Determination of the likelihood of identified risks

Explanation:

The first step in the risk assessment methodology is a system characterization, or identification
and valuation, of all of the enterprise’s assets to define the boundaries of the assessment.
Interviewing is a valuable tool to determine qualitative information about an organization’s
objectives and tolerance for risk. Interviews are used in subsequent steps. Identification of threats
comes later in the process and should not be performed prior to an inventory since many possible
threats will not be applicable if there is no asset at risk. Determination of likelihood comes later in
the risk assessment process.



Leave a Reply 0

Your email address will not be published. Required fields are marked *