Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO's evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?
A) Documentation of lessons learned
B) Quantitative risk assessment
C) Qualitative assessment of risk
D) Business impact scoring
E) Threat modeling
Correct Answer:
Verified
Q268: A security analyst is inspecting pseudocode of
Q269: An internal penetration tester was assessing a
Q270: At a meeting, the systems administrator states
Q271: After investigating virus outbreaks that have cost
Q272: A security engineer has implemented an internal
Q274: The code snippet below controls all electronic
Q275: A security engineer is designing a system
Q276: Ann, a member of the finance department
Q277: A security controls assessor intends to perform
Q278: An information security officer is responsible for
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents