Based on the risk management process, what should the cybersecurity team do as the next step when a cybersecurity risk is identified?

Based on the risk management process, what should the cybersecurity team do as the next step when a cybersecurity risk is identified?

• Frame the risk.
• Monitor the risk.
• Respond to the risk.
• Assess the risk.

Explanation: Risk management is a formal process that reduces the impact of threats and vulnerabilities. The process involves four general steps:
- Frame the risk - Identify the threats throughout the organization that increase risk.
- Assess the risk - Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses.
- Respond to the risk - Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat.
- Monitor the risk - Continuously review risk reductions due to elimination, mitigation and transfer actions.

Exam with this question: Checkpoint Exam: Vulnerability Assessment and Risk Management
Exam with this question: Cyber Threat Management - 5.4.2 Risk Management and Security Controls Quiz