When conducting a risk analysis, the audit team begins with identifying threats and the potential impacts of those threats becoming realized


When conducting a risk analysis, the audit team begins with identifying threats and the potential impacts of those threats becoming realized. What is the next step?

A. Inform executive management of the threats and impacts found in the risk analysis

B. Identify and evaluate the existing controls of the organization

C. Determine appropriate security controls to mitigate the identified threats and vulnerabilities

D. Implement appropriate security controls to protect the organization from the identified threats and vulnerabilities

E. A & C

F. C & D


Answer Preview

Answer :

option F

When conducting a risk analysis, the audit team begins with identifying threats and the potential impacts of those threats becoming realized. The next step is to determine appropriate security controls to mitigate the identified threats and vulnerabilities, and to implement appropriate security controls to protect the organization from the identified threats and vulnerabilities.

Explanation :

The enterprise risk assessment and enterprise risk management processes form the core of the information security system. These are the processes that establish the rules and guidelines of the security policy while translating the objectives of an information security system into specific plans for the implementation of key controls and mechanisms that minimize threats and vulnerabilities. Each part of the technology infrastructure should be assessed for its risk profile. From that assessment, a determination should be made to effectively and efficiently allocate the organization's time and money toward achieving the most appropriate and best-employed overall security policies. The process of performing such a risk assessment can be quite complex and should take into account secondary and other effects of action (or inaction) when deciding how to address security for the various IT resources.

Depending on the size and complexity of an organization's IT environment, it may become clear that what is needed is not so much a thorough and itemized assessment of precise values and risks, but a more general prioritization. The determination of how security resources are allocated should incorporate key business managers' risk appetites, as they have a greater understanding of the organization's security risk universe and are better equipped to make that decision.

Every organization is different, so the decision as to what kind of risk assessment should be performed depends largely on the specific organization. If it is determined that all the organization needs at this time is general prioritization, a simplified approach to an enterprise security risk assessment can be taken. Even if it has already been determined that a more in-depth assessment must be completed, the simplified approach can be a helpful first step in generating an overview to guide decision making in pursuit of that more in-depth assessment.

If one is unsure what kind of assessment the organization requires, a simplified assessment can help make that determination. If one finds that it is difficult to produce accurate results in the process of completing a simplified assessment, perhaps because this process does not take into account a detailed enough set of assessment factors, this alone can be helpful in determining the type of assessment the organization needs.

The assessment approach or methodology analyzes the relationships among assets, threats, vulnerabilities and other elements. There are numerous methodologies, but in general they can be classified into two main types: quantitative and qualitative analysis. The methodology chosen should be able to produce a quantitative statement about the impact of the risk and the effect of the security issues, together with some qualitative statements describing the significance and the appropriate security measures for minimizing these risks.

Security risk assessment should be a continuous activity. A comprehensive enterprise security risk assessment should be conducted at regular intervals to explore the risks associated with the organization's information systems. An enterprise security risk assessment can only give a snapshot of the risks of the information systems at a particular point in time. For strategic information systems, it is strongly recommended to conduct a security risk assessment more frequently, if not continuously.
