Risk assessment is a key process in security management that identifies, evaluates, and prioritizes risks to organizational operations and assets. It considers various controls and safeguards to mitigate those risks.
Administrative safeguards are one of the components used in risk assessments. They include:
Policies
Procedures
Training
Security awareness programs
Incident response planning
From CEH v13:
Module 1: Introduction to Ethical Hacking
Module 20: Cryptography (as it discusses risk management and governance)
Topic: Security Controls and Risk Management Frameworks
CEH v13 Official Courseware states:
“Administrative controls, also known as administrative safeguards, form a critical component of risk assessments. These include documented security policies, user training, security audits, and incident response plans that help an organization manage and reduce risks.”
Incorrect Options:
B. Physical security is a type of safeguard but not typically referred to as a "component" of a risk assessment itself.
C. DMZ (Demilitarized Zone) is a network architecture concept, not a risk assessment component.
D. Logical interface refers to system architecture and network segmentation—not risk assessment methodology.
[Reference: CEH v13 Study Guide – Module 1: Introduction to Ethical Hacking → Section: “Risk Management Concepts”; NIST SP 800-30: Guide for Conducting Risk Assessments]