Isaca Certified in Risk and Information Systems Control CRISC Question # 115 Topic 12 Discussion
CRISC Exam Topic 12 Question 115 Discussion:
Question #: 115
Topic #: 12
An organization is developing a plan to address new information security risks emerging from business changes. Which of the following BEST enables stakeholders to make decisions impacting organizational strategy?
A.
The impact of the new risk is clearly presented
B.
Benchmarking information is provided
C.
Technical expertise to address new risk scenarios is available
D.
The cost of implementing the strategy is within budget
CRISC emphasizesrisk communicationin decision-making. Stakeholders can only make effective strategic decisions if thebusiness impactof risk is clearly presented.
“The purpose of risk communication is to enable informed decision-making by clearly presenting the potential impact of risk on business objectives.”
Benchmarking and cost data support the discussion but are secondary to understanding impact severity.
Hence,Ais correct.
CRISC Reference:Domain 4 – Risk Monitoring and Reporting, Topic: Risk Communication Principles.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit