Which of the following functions needed to implement the information security program identifies the sources of risk and may offer advice on controls that can reduce the risk?
A) Risk management
B) Legal assessment
C) Incident response
D) Risk assessment

Question

Quizplus · Accepted Answer

The function that identifies the sources of risk and advises on controls that can reduce the risk is risk assessment. This function is necessary to determine the level of risk to the organization's information and offer recommended controls to mitigate or reduce the risk. Risk management involves analyzing and evaluating risks and determining responses to those risks. Legal assessment is necessary to assess the organization's compliance with laws and regulations related to information security. Incident response involves preparing for and responding to security incidents.

Which of the Following Functions Needed to Implement the Information