Which of the following functions needed to implement the information security program evaluates risk present in IT initiatives and/or systems?
A) Risk management
B) Risk assessment
C) Systems testing
D) Vulnerability assessment

Question

Quizplus · Accepted Answer

Risk assessment is the process of identifying and evaluating potential threats and vulnerabilities in an IT system or initiative to determine the level of risk associated with them. This function is necessary to implement an effective information security program. Risk management includes developing strategies and procedures to mitigate or manage identified risks, while systems testing and vulnerability assessments are components of risk assessment. However, neither of these functions on their own is sufficient to evaluate risk across an organization or IT environment.

Which of the Following Functions Needed to Implement the Information