When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
A . Evaluate productivity losses
B . Assess the impact of confidential data disclosure
C . Calculate the value of the information or asset
D . Measure the probability of occurrence of each threat
Answer: C
Explanation:
Calculating the value of the information or asset is the first step in a risk analysis process to determine the impact to the organization, which is the ultimate goal. Determining how much productivity could be lost and how much it would cost is a step in the estimation of potential risk process. Knowing the impact if confidential information is disclosed is also a step in the estimation of potential risk. Measuring the probability of occurrence for each threat identified is a step in performing a threat analysis and therefore a partial answer.
Leave a Reply