A large financial institution has completed a comprehensive risk assessment of its IT infrastructure. The assessment identified 25 risks across various systems. The Security Compliance manager needs to determine which risks to address first. What approach should the compliance team take to prioritize the identified risks?
Address high-impact risks based on their severity
Rank risks based on potential impact and likelihood of occurrence
Rank risks alphabetically by affected system name
Prioritize risks based on implementation costs of mitigation controls
The correct answer is to rank risks based on potential impact and likelihood of occurrence. This approach represents the fundamental principle of risk prioritization in a risk management framework. By evaluating both the potential impact (how severe the consequences would be) and the likelihood (probability of occurrence), the organization can create a meaningful prioritization that addresses the most significant threats first.
The other options are flawed approaches to risk prioritization:
Addressing high-impact risks based on their severity ignores the probability component of risk evaluation, which could lead to wasting resources on very unlikely scenarios while neglecting more probable moderate-impact risks.
Prioritizing risks based on implementation costs focuses on the treatment aspect before proper prioritization and fails to consider the fundamental risk characteristics of impact and likelihood.
Ranking risks alphabetically by affected system is an arbitrary method that has no correlation to the actual severity or importance of the risks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is meant by potential impact and likelihood of occurrence?
Open an interactive chat with Bash
What is a risk management framework?
Open an interactive chat with Bash
Why are flawed approaches to risk prioritization a concern?
Open an interactive chat with Bash
ISC2 CISSP
Security and Risk Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access