A large financial institution has completed a comprehensive risk assessment of its IT infrastructure. The assessment identified 25 risks across various systems. The Security Compliance manager needs to determine which risks to address first. What approach should the compliance team take to prioritize the identified risks?
Address high-impact risks based on their severity
Rank risks alphabetically by affected system name
Prioritize risks based on implementation costs of mitigation controls
Rank risks based on potential impact and likelihood of occurrence
The correct answer is to rank risks based on potential impact and likelihood of occurrence. This approach represents the fundamental principle of risk prioritization in a risk management framework. By evaluating both the potential impact (how severe the consequences would be) and the likelihood (probability of occurrence), the organization can create a meaningful prioritization that addresses the most significant threats first.
The other options are flawed approaches to risk prioritization:
Addressing high-impact risks based on their severity ignores the probability component of risk evaluation, which could lead to wasting resources on very unlikely scenarios while neglecting more probable moderate-impact risks.
Prioritizing risks based on implementation costs focuses on the treatment aspect before proper prioritization and fails to consider the fundamental risk characteristics of impact and likelihood.
Ranking risks alphabetically by affected system is an arbitrary method that has no correlation to the actual severity or importance of the risks.
ISC2 CISSP
Security and Risk Management