
CBAP Exam - Question 234


Which of the following involves defining the various threats, determining the extent of vulnerabilities, and devising countermeasures against a possible attack?

Correct Answer: AC

Risk assessment involves identifying potential threats, assessing vulnerabilities, and developing countermeasures to mitigate risks and enhance security against possible attacks. This definition aligns with the question's focus on defining threats, determining vulnerabilities, and devising countermeasures.

Discussion

5 comments
Walexiii (Option: B)
Feb 26, 2022

Why is the answer not B?

OlivierPaudex
Mar 16, 2022

Risk analysis is the global term which includes both qualitative and quantitative risk analysis. In this case, we are talking about various threats and how to mitigate a possible attack. We are clearly speaking about qualitative risk analysis.

NikolaBA
Jun 6, 2023

Sounds legitimate, but where in BABOK V3 has this been explained? I couldn't find this justification anywhere!

NorieRose (Option: C)
Jan 31, 2024

Risk Assessment involves identifying potential threats, assessing vulnerabilities, and developing countermeasures to mitigate risks and enhance security against possible attacks.

Rabbitsfoot (Option: C)
Apr 1, 2024

BABOK v3 discusses qualitative and quantitative MEASURES in the context of risk assessment, not just in risk analysis. In the broader context of business analysis, these measures are indeed used to assess risks, including defining threats, vulnerabilities, and countermeasures. Therefore, considering the broader understanding of risk assessment within the business analysis domain, options A, B, and D could be acceptable. However, option C, "Risk assessment," is the most specific and direct term that encompasses the process of defining threats, determining vulnerabilities, and devising countermeasures against potential attacks.

Inzaghi78 (Option: C)
Apr 11, 2024

Key word: "a possible attack". We are assessing the risk of "a possible attack". So Ans is C.

Farooq_95 (Option: B)
Apr 15, 2024

B is correct because 'Risk assessment' is a term not used in BABOK v3. It uses the terms 'Risk Analysis and Management' and 'Risk Analysis'. Further, from the question, it is not clear whether the threat is quantifiable or not. So, qualitative or quantitative analysis cannot be specified.