PECB Risk Manager — Question 3

Does information security reduce the impact of risks?

Answer options

• A. Yes, information security reduces risks and their impact by protecting the organization against threats and vulnerabilities
• B. No, information security does not have an impact on risks as information security and risk management are separate processes
• C. Yes, information security reduces the impact of risks by eliminating the likelihood of exploitation of vulnerabilities by threats

Correct answer: A

Explanation

The correct answer is A because information security actively protects the organization from threats and vulnerabilities, thereby reducing risk impact. Option B is incorrect as it incorrectly separates information security from risk management, which are interconnected. Option C, while true in part, does not fully capture the protective aspects of information security as stated in A.