
According to NIST SP 800-30 R1, “assessing risk requires the careful analysis of threat and vulnerability information to determine the extent to which circumstances or events could adversely impact an organization and the likelihood that such circumstances or events will occur.” Which of the following should be determined first before conducting a risk assessment? (Wentz QOTD)
A. Risk assessment methodology
B. Analysis approach
C. Assessment approach
D. Analytic approach
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
Continue reading