A security analyst notices repeated failed login attempts from a single IP address on the VPN gateway. The analyst adjusts the threshold for account lockout and enables geo-ip blocking. This activity is part of which risk management process?
Trap 1: Risk identification
Risk identification is the initial step of recognizing threats; here the threat was already identified and controls were adjusted.
Trap 2: Risk assessment
Risk assessment quantifies and prioritizes risk; this scenario involves response to an ongoing event.
Trap 3: Risk reporting
Risk reporting communicates risk to stakeholders; the analyst took direct action without necessarily reporting first.
- A
Risk identification
Why wrong: Risk identification is the initial step of recognizing threats; here the threat was already identified and controls were adjusted.
- B
Risk assessment
Why wrong: Risk assessment quantifies and prioritizes risk; this scenario involves response to an ongoing event.
- C
Risk reporting
Why wrong: Risk reporting communicates risk to stakeholders; the analyst took direct action without necessarily reporting first.
- D
Risk monitoring
Adjusting controls based on observed events is a core risk monitoring activity.