Suppose you are working in Company Inc. and you are using risk scenarios for estimating the
likelihood and impact of the significant risks on this organization. Which of the following
assessment are you doing?
A.
IT security assessment
B.
IT audit
C.
Threat and vulnerability assessment
D.
Risk assessment
Explanation:
Threat and vulnerability assessment consider the full spectrum of risks. It identifies the likelihood
of occurrence of risks and impact of the significant risks on the organization using the risk
scenarios. For example: Natural threats can be evaluated by using historical data concerning
frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, etc.
Answer D is incorrect. Risk assessment uses quantitative and qualitative analysis approaches to
evaluate each significant risk identified.
methodologies to evaluate risk but do not use risk scenarios.