CompTIA Security+ Exam SY0-601: Risk Register Purpose

Purpose of a Risk Register

Question

Which of the following is the purpose of a risk register?

A. To define the level of risk using probability and likelihood

B. To register the risk with the required regulatory agencies

C. To identify the risk, the risk owner, and the risk measures

D. To formally log the type of risk mitigation strategy the organization is using.

Answer: C

Explanations

The purpose of a risk register is to identify and document all potential risks that an organization faces. It is a tool used to identify, assess, and prioritize risks that may impact the organization's ability to achieve its objectives. The risk register helps in developing a risk management plan by providing a centralized view of risks and risk mitigation strategies.

Option A, defining the level of risk using probability and likelihood, is a step in the risk management process, but it is not the primary purpose of a risk register.

Option B, registering the risk with regulatory agencies, is important in certain industries, but it is not the purpose of a risk register.

Option C, identifying the risk, the risk owner, and the risk measures, is the correct answer. The risk register is used to document and track risks identified during risk assessment. This includes identifying the risk, determining who is responsible for managing the risk (the risk owner), and defining risk measures to mitigate the risk.

Option D, formally logging the type of risk mitigation strategy, is a step in the risk management process, but it is not the primary purpose of a risk register. The risk register captures all information related to risks, including mitigation strategies, but it is not limited to just this information.

In summary, the primary purpose of a risk register is to identify, assess, and prioritize risks and document them in a centralized location. It includes information such as the risk, the risk owner, and risk mitigation strategies.