Certified Chief Information Security Officer (CCISO) — Question 107
Risk is defined as:
Answer options
- A. Quantitative plus qualitative impact
- B. Asset loss times likelihood of event
- C. Advisory plus capability plus vulnerability
- D. Threat times vulnerability divided by control
Correct answer: B
Explanation
B is correct because it defines risk as the potential asset loss multiplied by the likelihood of the event that causes that loss. Options A, C, and D do not match the standard risk formula used in risk assessment.