How do you interpret “Risk assessment/analysis” mentioned in the CISSP exam outline?
- The Sybex official study guide used “assessment” and “analysis” interchangeably. In fact, it seemingly equates “risk analysis” with “risk assessment.” In addition, its “risk assessment” includes risk response/treatment.
- The study guide's usage conflicts with the NIST FARM model (Frame, Assess, Respond, and Monitor) and ISO 31000.