Question 25
UnclassifiedWhich of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?
Correct answer: D
Explanation
Impact analysis identifies what happens if an incident occurs by estimating the resulting "reputational harm and/or financial harm." In risk management, this step measures the consequences of an event so an organization can prioritize controls and response planning.
Why each option is right or wrong
A. Mitigations
B. Residual risk
C. Likelihood
D. Impact Analysis
Impact analysis is the risk-management step used to assess the consequences of an incident after it occurs, including the likely business disruption, reputational damage, and direct financial loss. In standard incident-response and business-continuity frameworks, this analysis quantifies severity so the organization can rank scenarios by consequence rather than likelihood alone.