Certified in Risk and Information Systems Control (CRISC) — Question 493

Which of the following should be included in a risk scenario to be used for risk analysis?

Answer options

• A. Residual risk
• B. Risk tolerance
• C. Risk appetite
• D. Threat type

Correct answer: D

Explanation

The correct answer is D, as the type of threat is essential for identifying potential risks in a scenario. Residual risk, risk tolerance, and risk appetite are important concepts but do not specifically define the scenario itself.