Exam GICSP Topic 1 Question 74 Discussion

Actual exam question for GIAC's GICSP exam
Question #: 74
Topic #: 1
What approach can an organization use to make sure that high consequence, low probability risks are considered during risk analysis?

Suggested Answer: A Vote an answer

In risk analysis, high consequence, low probability risks-such as catastrophic failures or attacks-require special attention. The best approach to ensure these risks are properly considered is to prioritize risks based on impact (A), focusing on the potential severity of consequences if the event occurs, regardless of its frequency.
Giving frequency or likelihood (B, D) a higher weight can lead to underestimating rare but highly damaging risks.
Mitigation cost (C) is a factor in decision-making but does not ensure identification or prioritization of high- impact risks.
GICSP emphasizes a balanced risk management process where impact or consequence is a critical criterion, especially in ICS environments where safety and critical infrastructure availability are paramount.
Reference:
GICSP Official Study Guide, Domain: ICS Risk Management
NIST SP 800-30 Rev 1 (Risk Management Guide for Information Technology Systems) GICSP Training on Risk Assessment and Prioritization

by Florence at Mar 29, 2026, 08:27 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10