Certified in Risk and Information Systems Control (CRISC) — Question 6
Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization.
Which of the following assessment are you doing?
Answer options
- A. IT security assessment
- B. IT audit
- C. Threat and vulnerability assessment
- D. Risk assessment
Correct answer: C
Explanation
The correct answer is C, Threat and vulnerability assessment, as it specifically focuses on identifying and evaluating risks and vulnerabilities within an organization. Options A (IT security assessment) and B (IT audit) are broader in scope and do not solely concentrate on risk scenarios. Option D (Risk assessment) could be applicable but is not as precise as C in the context of analyzing threats and vulnerabilities.