Certified in Risk and Information Systems Control (CRISC) — Question 844

Which of the following is the BEST way to quantify the likelihood of risk materialization?

Answer options

• A. Balanced scorecard
• B. Business impact analysis (BIA)
• C. Threat and vulnerability assessment
• D. Compliance assessments

Correct answer: C

Explanation

The correct answer is C, as a Threat and vulnerability assessment specifically identifies and evaluates potential threats and vulnerabilities, thus providing a clear quantification of risk likelihood. In contrast, the Balanced scorecard focuses on organizational performance metrics, Business impact analysis (BIA) assesses the impact of risks, and Compliance assessments ensure adherence to regulations rather than quantifying risk likelihood.