Within the context of risk management, what are the essential components of an organization’s ongoing risk analysis?

Within the context of risk management, what are the essential components of an organization’s ongoing risk analysis?
A . Gap analysis, security policies, and migration
B . Assessment frequency, metrics, and data
C . Log scoping, log sources, and anomalies
D . Incident management, change management, and compliance

View Answer

Answer: B

Explanation:

The essential components of an organization’s ongoing risk analysis are assessment frequency, metrics, and data. Assessment frequency refers to how often the organization conducts risk assessments to monitor and measure the effectiveness of the zero trust architecture and policies.

Metrics refer to the quantitative and qualitative indicators that are used to evaluate the security posture, performance, and compliance of the zero trust architecture. Data refers to the information that is collected, analyzed, and reported from various sources, such as telemetry, logs, audits, and feedback, to support risk analysis and decision making.

Reference =

Zero Trust Planning – Cloud Security Alliance, section “Monitor & Measure”

How to improve risk management using Zero Trust architecture | Microsoft Security Blog, section “Monitoring and reporting”

Zero Trust Adoption: Managing Risk with Cybersecurity Engineering and Adaptive Risk Assessment – SEI Blog, section “Continuous Monitoring and Improvement”