Certified Information Systems Security Professional (CISSP) — Question 293

What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?

Answer options

• A. Threat analysis
• B. Vulnerability analysis
• C. Key Performance Indicator (KPI)
• D. Key Risk Indiaitor (KRI)

Correct answer: D

Explanation

The correct answer is D, as Key Risk Indicators (KRIs) provide crucial insights into factors that could impact an organization's success. In contrast, Threat analysis and Vulnerability analysis focus more on identifying potential risks and weaknesses, while Key Performance Indicators (KPIs) measure performance rather than risk.