Certified Information Security Manager (CISM) — Question 230

Risk scenarios simplify the risk assessment process by:

Answer options

• A. covering the full range of possible risk.
• B. ensuring business risk is mitigated.
• C. reducing the need for subsequent risk evaluation.
• D. focusing on important and relevant risk.

Correct answer: D

Explanation

The correct answer is D because risk scenarios help prioritize risks that are most relevant to the organization, making the assessment more effective. Options A and C are incorrect as they imply a broader scope or reduced analysis which may overlook important details, while B is misleading because risk scenarios do not guarantee mitigation, but rather facilitate focus on critical risks.