EXIN Information Security Foundation (ISFS) — Question 1

What is a risk analysis used for?

Answer options

• A. A risk analysis is used to express the value of information for an organization in monetary terms.
• B. A risk analysis is used to clarify to management their responsibilities.
• C. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
• D. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.

Correct answer: C

Explanation

The correct answer, C, highlights that risk analysis is essential for identifying and mitigating risks alongside security measures. Options A, B, and D, while relevant to organizational processes, do not specifically address the primary objective of risk analysis, which is risk reduction in the context of security.