Certified in Risk and Information Systems Control (CRISC) — Question 190

Which of the following will BEST quantify the risk associated with malicious users in an organization?

Answer options

• A. Business impact analysis
• B. Threat risk assessment
• C. Vulnerability assessment
• D. Risk analysis

Correct answer: B

Explanation

The correct answer is B, as a Threat risk assessment specifically focuses on identifying and evaluating the risks from potential malicious activities. Options A, C, and D, while related to risk management, do not specifically target the threat posed by malicious users in the same comprehensive way as a threat risk assessment does.