Risk Management for Contingency Planning

Focus on Identified Risks


Question

Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks?

Answers

Explanations


A. B. C. D.

A.

The risk assessment is critical because it enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks.

The risk management process includes the risk assessment and determination of suitable technical, management, and operational security controls based on the level of threat the risk imposes.

Business units should be included in this process.

Source: SWANSON, Marianne, et al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 7).

The correct answer is A. Risk assessment.

Explanation:

Risk assessment is the process of identifying and evaluating potential risks to an organization's operations, assets, or individuals. It involves identifying potential threats, assessing the likelihood of those threats occurring, and evaluating the potential impact of those threats.

Contingency planning is the process of developing strategies and procedures to ensure that critical business functions can continue in the event of a disruption or disaster. It involves identifying the most critical systems and processes and developing plans to ensure that they can be restored quickly in the event of a disruption.

Risk assessment enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks. By identifying and evaluating potential risks, the person responsible for contingency planning can determine which risks pose the greatest threat to the organization and allocate resources accordingly.

Residual risks are the risks that remain after security controls have been implemented. While residual risks can be useful in determining the effectiveness of security controls, they are not directly related to the prioritization of risk management efforts.

Security controls are the measures that organizations put in place to reduce the likelihood and impact of security risks. While security controls are an important part of risk management, they do not directly address the prioritization of risk management efforts.

Business units are the functional areas within an organization responsible for specific business processes or functions. While business units may be involved in the risk assessment process, they are not directly related to the prioritization of risk management efforts.