Which of the following help the CISO find relevant risks to the organization?

A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO’s first task is to write a new, relevant risk assessment for the organization. Which of the following help the CISO find relevant risks to the organization? (Choose two.)
A. Perform a penetration test.
B. Conduct a regulatory audit.
C. Hire a third-party consultant.
D. Define the threat model.
E. Review the existing BIA.
F. Perform an attack path analysis.

5 thoughts on “Which of the following help the CISO find relevant risks to the organization?”

  1. C, E – CIO recently changed jobs into a “NEW INDUSTRY” … he/she has lots of learning to do…
    Review the BIA
    Hire a consultant to get it right.
