Certified Information Security Manager (CISM) — Question 959

A KEY consideration in the use of quantitative risk analysis is that it:

Answer options

• A. applies commonly used labels to information assets.
• B. assigns numeric values to exposures of information assets.
• C. is based on criticality analysis of information assets.
• D. aligns with best practice for risk analysis of information assets.

Correct answer: B

Explanation

The correct answer, B, highlights that quantitative risk analysis involves assigning specific numeric values to the risks associated with information assets, which enables more precise measurement and comparison. The other options refer to aspects of risk analysis that are not central to the quantitative approach, such as labeling, criticality analysis, and alignment with best practices.