CISSP – Information Systems Security Management Professional (ISSMP) — Question 67

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

Answer options

• A. Quantitative analysis
• B. Contingency reserve
• C. Risk response
• D. Risk response plan

Correct answer: B

Explanation

Creating a chart that lays out the probability and financial impact of risks leads to establishing a contingency reserve, which is a financial buffer set aside to address potential risks. The other options do not directly relate to quantifying risk impacts in terms of finances; for example, a risk response plan outlines how to deal with identified risks rather than quantifying them.