Certified Secure Software Lifecycle Professional (CSSLP) — Question 24

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

Answer options

• A. Identifying the risk
• B. Assessing the impact of potential threats
• C. Identifying the accused
• D. Finding an economic balance between the impact of the risk and the cost of the countermeasure

Correct answer: C

Explanation

The correct answers focus on the essential aspects of risk management, which include recognizing risks, evaluating potential threats, and achieving a balance between the risk's impact and the cost of mitigations. Option C, 'Identifying the accused,' is not relevant to risk management, which does not involve legal or accusatory processes.