Exam CRISC topic 1 question 847 discussion

The answer should be C.

C. frequency and magnitude of loss. The main goal of the risk analysis process is to determine the frequency and magnitude of potential loss events. This involves assessing the likelihood (frequency) of specific risks occurring and the potential impact (magnitude) they could have on the organization. Risk analysis considers various factors, including threats, vulnerabilities, and existing controls, to evaluate the overall risk exposure and prioritize risk management efforts. This analysis helps organizations make informed decisions about how to manage and mitigate their risks effectively.

It is C.

Risk analysis according to ISACA, includes assessment of consequences, assessment of incident likelihoods, determination of level of risk; risk identification includes the identification of assets, threats, vulnerabilities, existing controls and consequences (page 53, CRISC review manual, 7th edition)

Risk analysis main objective is the modeling of various threats againts assets estimating probability of a loss event and impact. Threats and vulnerabilities are identified in the 'identification' phase.

Its C, nothing else.The purpose of Analysis is to get the impact and probability of risk.

D is correct. Risk Assessment -> Identify the Risk, then Analyze the risk - Threats and vulnerabilities, and evaluate the risk.

C is correct via crisc manual Risk analysis— 1. A process by which frequency and magnitude of IT risk scenarios are estimated. 2. The initial steps of risk management: analyzing the value of assets to the business, identifying threats to those assets and evaluating how vulnerable each asset is to those threats

support C

D is correct - CRISC Manual Page 27 - Task statement T1.2 says - Identify potential threats and vulnerabilities to the organization’s people, processes and technology to enable IT risk analysis.

Risk analysis determines likelihood, impact, and the risk level. Risk identification identifies threats and vulnerabilities.