Multiple Choice
Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO's evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?
A) Documentation of lessons learned
B) Quantitative risk assessment
C) Qualitative assessment of risk
D) Business impact scoring
E) Threat modeling
Correct Answer:

Verified