Certified in Risk and Information Systems Control (CRISC) — Question 814

The risk associated with an asset after controls are applied can be expressed as:

Answer options

• A. the likelihood of a given threat.
• B. the magnitude of an impact.
• C. a function of the likelihood and impact.
• D. a function of the cost and effectiveness of controls.

Correct answer: C

Explanation

The correct answer, C, is accurate because risk is typically calculated as a function of both the likelihood of a threat occurring and the potential impact of that threat. Options A and B address components of risk but do not encompass the entirety of the risk concept, while D focuses on controls rather than the fundamental relationship between likelihood and impact.