Certified Information Systems Security Professional (CISSP) — Question 9

Which of the following is a risk matrix?

Answer options

• A. A tool for determining risk management decisions for an activity or system.
• B. A database of risks associated with a specific information system.
• C. A two-dimensional picture of risk for organizations, products, projects, or other items of interest.
• D. A table of risk management factors for management to consider.

Correct answer: C

Explanation

The correct answer is C because a risk matrix visually displays the level of risk based on likelihood and impact, helping organizations assess potential risks. Option A refers to a tool for decision-making, but it does not specifically describe a matrix. Option B describes a database, which is not the same as a matrix. Option D discusses factors for consideration rather than providing a visual representation of risk.