Certified in Risk and Information Systems Control (CRISC) — Question 619
Which of the following is MOST important to consider before determining a response to a vulnerability?
Answer options
- A. Monetary value of the asset
- B. Lack of data to measure threat events
- C. The cost to implement the risk response
- D. The likelihood and impact of threat events
Correct answer: D
Explanation
The likelihood and impact of threat events are essential to assess as they directly influence the urgency and nature of the response to a vulnerability. While monetary value, lack of data, and implementation costs are relevant, they do not provide a comprehensive understanding of the risk posed by the threat, which is critical for prioritizing responses effectively.