Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
Management seeks to compare the risks of engaging an IaaS provider versus internal hosting. The best method for such a comparison is to map the risk scenarios by their likelihood and impact on a chart. This approach provides a visual representation that facilitates direct comparison, aiding in understanding the relative severity and potential consequences of different risks in each scenario. It supports strategic decision-making by showing which environment poses higher or lower risks, offering a comprehensive overview of the risk landscape.
question is about the 'method' of comparing risk scenarios. C would only give risk but nothing to compare to decision making
Risk assessment
Mapping risk scenarios by their likelihood and impact provides a visual representation (heat map) that makes it easier to compare the range and severity of risks associated with each option. C addresses only half of the comparison.
To add to the confusion, here is GPT4o and GPT4 explaining why it's not C: (1) Comparative Analysis: Mapping risk scenarios by likelihood and impact allows for a direct comparison between the risks associated with the IaaS provider and those of internal hosting. This visual comparison helps management understand the relative severity of different risks in both contexts. (2) Holistic View: A risk assessment on the IaaS provider (option C) focuses solely on the external provider's risks, without directly comparing them to internal risks. Option B, on the other hand, includes both internal and external risk scenarios on the same chart, offering a holistic view. (3) Decision-Making: Management can make more informed decisions when they see how risks compare in terms of both likelihood and impact. This approach supports strategic decision-making by clearly showing which environment (IaaS or internal) presents higher or lower risks. GPT3.5 said C. Anyone have any quotes from the ISACA book to determine if its C or B?