Risk management consists of three processes, risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system through its SDLC.
How many primary steps does NIST’s risk assessment methodology involve?
A . Twelve
B . Four
C . Six
D . Nine
Answer: D