Certified in Risk and Information Systems Control (CRISC) — Question 25

The MAIN goal of the risk analysis process is to determine the:

Answer options

• A. potential severity of impact.
• B. control deficiencies.
• C. frequency and magnitude of loss.
• D. threats and vulnerabilities.

Correct answer: C

Explanation

The correct answer is C, as the risk analysis process primarily aims to assess the frequency and magnitude of potential losses. Options A and B focus on specific aspects of impact and control weaknesses, while option D addresses threats and vulnerabilities, which are components of risk but not the main goal.