(ISC)2 Certified in Cybersecurity Practice Exam

Which risk management process includes risk detection and ongoing monitoring?

• A. Risk Evaluation
• B. Risk Management
• C. Risk Assessment
• D. Risk Avoidance

The correct answer is: Risk Management

The chosen answer highlights the comprehensive nature of risk management as a continuous process. In the context of cybersecurity, risk management encompasses a set of activities designed to identify, analyze, and mitigate risks over time. The inclusion of risk detection and ongoing monitoring is central to this process because it ensures that an organization remains vigilant against emerging threats and vulnerabilities. Risk management is not just a one-time assessment; rather, it requires a proactive approach that involves continuously evaluating the environment, the effectiveness of security controls, and the evolving threat landscape. By integrating risk detection and ongoing monitoring into the risk management process, organizations can adapt and respond to changes in real-time, enhancing their resilience against potential risks. In contrast, the other options focus on specific aspects or stages of risk management. Risk evaluation usually refers to the process of analyzing identified risks to determine their significance and to prioritize them for treatment. Risk assessment encompasses both risk identification and evaluation but doesn't inherently imply continuous monitoring. Risk avoidance, on the other hand, involves strategies to eliminate risks altogether rather than managing them over time. Thus, risk management as a whole encompasses the ongoing monitoring and detection necessary to respond to risks effectively.