Certified Incident Handler (ECIH) — Question 29

Cassius, a security professional, works for the risk management team in an organization. The team is responsible for performing various activities involved in the risk management process. In this process, Cassius was instructed to select and implement appropriate controls on the identified risks in order to address the risks based on their severity level.
Which of the following risk management phases was Cassius instructed to perform in the above scenario?

Answer options

• A. Risk analysis
• B. Risk treatment
• C. Risk prioritization
• D. Risk identification

Correct answer: B

Explanation

The correct answer is B, Risk treatment, as it involves selecting and implementing measures to control or mitigate identified risks. The other options, such as Risk analysis, focus on assessing risks, Risk prioritization is about ranking risks, and Risk identification is the initial step of recognizing potential risks.