Certified in Risk and Information Systems Control (CRISC) — Question 1127

An IT risk threat analysis is BEST used to establish:

Answer options

• A. risk scenarios.
• B. risk maps.
• C. risk ownership.
• D. risk appetite.

Correct answer: A

Explanation

An IT risk threat analysis is primarily aimed at identifying and establishing risk scenarios, which detail potential threats and their impact. While risk maps, risk ownership, and risk appetite are important components of risk management, they do not directly result from the analysis itself.