You are the risk professional in Bluewell Inc. You have identified a risk and want to implement a
specific risk mitigation activity. What you should PRIMARILY utilize?
A.
Vulnerability assessment report
B.
Business case
C.
Technical evaluation report
D.
Budgetary requirements
Explanation:
As business case includes business need (like new product, change in process, compliance need,
etc.) and the requirements of the enterprise (new technology, cost, etc.), risk professional should
utilize this for implementing specific risk mitigation activity. Risk professional must look at the costs
of the various controls and compare them against the benefits that the organization will receive
from the
risk response. Hence he/she needs to have knowledge of business case development to illustrate
the costs and benefits of the risk response.