Which THREE of the following are common techniques for identifying risks?
Interviews with knowledgeable individuals are a key identification technique.
Why this answer
Stakeholder interviews are a common technique for identifying risks because they leverage the knowledge and experience of individuals who have a direct interest in or are affected by the project or system. By engaging stakeholders, you can uncover risks that may not be apparent from documentation or technical analysis, as they provide insights into operational, regulatory, and business-specific threats. This aligns with the risk identification process in the SSCP domain, which emphasizes gathering input from diverse sources to build a comprehensive risk profile.
Exam trap
ISC2 often tests the distinction between risk identification techniques and risk analysis or validation techniques, so the trap here is confusing a method like penetration testing (which validates controls) or quantitative analysis (which evaluates risk) with the initial discovery process of risk identification.