PECB Risk Manager — Question 2

Which of the following risk assessment methods provides an information security risk assessment methodology and involves three phases: build asset-based threat profiles, identify infrastructure vulnerabilities, and develop security strategy and plans?

Answer options

Correct answer: A

Explanation

The correct answer is A, OCTAVE-S, as it specifically outlines a structured methodology for conducting information security risk assessments in three distinct phases. Options B and C, MEHARI and TRA, do not follow the same three-phase structure and focus on different aspects of risk assessment.