Which of the following statements are true about security risks? Each correct answer represents a complete solution.
Choose three.
Click on the arrows to vote for the correct answer
A. B. C. D.BCD.
Answer:
B. They can be analyzed and measured by the risk analysis process. C. They can be mitigated by reviewing and taking responsible actions based on possible risks. D. They are considered an indicator of threats coupled with vulnerability.
Explanation:
A security risk is any potential threat to information security. Security risks cannot be completely removed but can be mitigated to a level of acceptable risk. Therefore, option A is incorrect.
Risk analysis is the process of identifying and assessing security risks to determine their likelihood and potential impact. The process involves identifying and assessing the value of the assets, the vulnerabilities of the system, and the potential threats. Therefore, option B is correct.
Mitigation refers to taking actions to reduce the likelihood or impact of a security risk. It involves implementing security controls or procedures to manage the identified risks. Therefore, option C is correct.
Threats are potential sources of harm to an information system, while vulnerabilities are weaknesses in the system that can be exploited by a threat. Risks arise when a threat exploits a vulnerability. Therefore, security risks are considered an indicator of threats coupled with vulnerability. Therefore, option D is correct.