Certified in Risk and Information Systems Control (CRISC) — Question 1049

Which of the following processes BEST enables a risk practitioner to gather evidence about the threat environment for further analysis?

Answer options

• A. Risk assessment
• B. Threat modeling
• C. Vulnerability scanning
• D. Threat intelligence

Correct answer: B

Explanation

Threat modeling is the best process for gathering evidence about the threat environment as it specifically focuses on identifying and prioritizing potential threats. While risk assessment evaluates risks, vulnerability scanning identifies weaknesses, and threat intelligence provides data on threats, they do not emphasize the structured analysis of the threat landscape like threat modeling does.