Which of the following statements are true about security risks? Each correct answer represents a
complete solution. Choose three.
A.
They are considered an indicator of threats coupled with vulnerability.
B.
They can be removed completely by taking proper actions.
C.
They can be analyzed and measured by the risk analysis process.
D.
They can be mitigated by reviewing and taking responsible actions based on possible risks.
Explanation:
In information security, security risks are considered an indicator of threats coupled with
vulnerability. In other words, security risk is a probabilistic function of a given threat agent
exercising a particular vulnerability and the impact of that risk on the organization. Security risks
can be mitigated by reviewing and taking responsible actions based on possible risks. These risks
can be analyzed and measured by the risk analysis process.
Answer option B is incorrect. Security risks can never be removed completely but can be mitigated
by taking proper actions.