Certified Chief Information Security Officer (CCISO) — Question 52

Which of the following defines the boundaries and scope of a risk assessment?

Answer options

• A. The risk assessment schedule
• B. The risk assessment framework
• C. The risk assessment charter
• D. The assessment context

Correct answer: C

Explanation

The risk assessment charter is the correct answer because it explicitly defines the objectives, scope, and boundaries of the risk assessment process. The other options, such as the risk assessment schedule and framework, do not specifically delineate the assessment's scope, while the assessment context is more about the environment rather than the specific boundaries.