Security consultants can be classified into three major categories. Which set lists these categories?

Security consultants are typically grouped into three broad practice areas: security risk consultants, compliance consultants, and audit consultants. Security risk consultants focus on identifying and evaluating threats to people, property, and information, quantifying likelihood and impact, and developing plans to reduce or transfer those risks. Compliance consultants ensure the organization adheres to applicable laws, regulations, and standards, building governance programs and guiding the implementation of required controls. Audit consultants provide independent verification of controls and processes, assessing effectiveness, reporting findings, and recommending improvements. This trio covers identifying risks, ensuring regulatory and policy adherence, and independently validating the effectiveness of security measures. The other sets mix roles that don’t align with these three core paths, such as combining technical or forensic specialties with non-security disciplines or including training, PR, or insurance as primary security consulting categories.