A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO’s first task is to write a new, relevant risk assessment for the organization .
Which of the following help to the CISO find relevant risks to the organization? (Choose two.)
A. Perform a penetration test.
B. Conduct a regulatory audit.
C. Hire a third-party consultant.
D. Define the threat model.
E. Review the existing BIA.
F. Perform an attack path analysis.
Answer: C,E