(ISC)2 Certified in Cybersecurity Practice Exam

What term describes the collection of risks that an organization encounters?

• A. Risk Inventory
• B. Risk Database
• C. Risk Profile
• D. Risk Portfolio

The correct answer is: Risk Profile

The correct term that describes the collection of risks that an organization encounters is the concept commonly known as a risk profile. A risk profile provides a comprehensive overview of the various risks that an organization may face in its environment, including operational, strategic, financial, and compliance risks. This concept helps organizations understand their risk exposure and make informed decisions about risk management strategies. A risk profile typically includes qualitative and quantitative analysis of potential risks, assessing their likelihood and impact on the organization. It allows institutions to prioritize their risks, allocate resources effectively, and develop appropriate risk mitigation strategies tailored to their unique circumstances. In contrast, while terms like risk inventory, risk database, and risk portfolio may relate to aspects of risk management, they do not encapsulate the entirety of an organization's risk exposure in the same way that a risk profile does. A risk inventory may focus more on listing specific risks, a risk database implies a structured repository of data related to risks, and a risk portfolio might suggest a management view of risks that includes strategies or investments related to those risks. However, none of these terms represent a holistic view of the range of risks an organization encounters like the risk profile does.