Certified Information Security Manager (CISM) — Question 287

Which of the following is the BEST way to evaluate the impact of threat events on an organization's IT operations?

Answer options

• A. Risk assessment
• B. Penetration testing
• C. Scenario analysis
• D. Controls review

Correct answer: C

Explanation

Scenario analysis is the best method as it allows organizations to visualize and evaluate various threat events and their potential impacts on IT operations. Risk assessment, penetration testing, and controls review, while important, do not provide the same depth of insight into specific scenarios and their consequences.