CISSP – Information Systems Security Management Professional (ISSMP) — Question 27
Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."
Answer options
- A. Monitor and Control Risks
- B. Identify Risks
- C. Perform Qualitative Risk Analysis
- D. Perform Quantitative Risk Analysis
Correct answer: A
Explanation
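The correct answer is A, 'Monitor and Control Risks': the statement describes the ongoing work of that process, which is implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project. Options B, C, and D each refer to a specific stage in the risk management process, such as identifying risks or analyzing them, rather than the ongoing monitoring and control of identified and new risks.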