Isaca Certified in Risk and Information Systems Control CRISC Question # 196 Topic 20 Discussion

CRISC Exam Topic 20 Question 196 Discussion:

Question #: 196

Topic #: 20

A newly enacted information privacy law significantly increases financial penalties for breaches of personally identifiable information (Pll). Which of the following will MOST likely outcome for an organization affected by the new law?

Increase in compliance breaches

Increase in loss event impact

Increase in residual risk

Increase in customer complaints

Get Premium CRISC Questions

Explanation

A loss event is an occurrence that results in a negative consequence or damage for an organization, such as a data breach, a cyberattack, or a natural disaster. The impact of a loss event is the extent or magnitude of the harm or loss caused by the event, such as financial losses, reputational damage, operational disruptions, or legal liabilities. A newly enacted information privacy law that significantly increases financial penalties for breaches of personally identifiable information (PII) will most likely increase the impact of a loss event for an organization affected by the new law, because it will increase the potential cost and severity of a data breach involving PII. The other options are not as likely as an increase in loss event impact, because they do not directly result from the new law, but rather depend on other factors, such as the organization’s risk management capabilities, as explained below:

A. Increase in compliance breaches is not a likely outcome, because it assumes that the organization will not comply with the new law, which would expose it to more risks and penalties. A rational organization would try to comply with the new law by implementing appropriate controls and measures to protect PII and prevent data breaches.

C. Increase in residual risk is not a likely outcome, because it assumes that the organization will not adjust its risk response strategies to account for the new law, which would leave it with more risk exposure than desired. A prudent organization would try to reduce its residual risk by enhancing its risk mitigation controls or transferring its risk to a third party, such as an insurance company.

D. Increase in customer complaints is not a likely outcome, because it assumes that the organization will experience more data breaches involving PII, which would affect its customersatisfaction and loyalty. A responsible organization would try to avoid data breaches by improving its security posture and practices, and by communicating transparently and effectively with its customers about the new law and its implications. References = Risk and Information Systems Control Study Manual, Chapter 2, Section 2.1.1, page 32.

Actual exam question for Isaca CRISC exam by Arlo30532 at Nov 16, 2025, 5:31:58 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Isaca Certified in Risk and Information Systems Control CRISC Question # 196 Topic 20 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 196 Topic 20 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Isaca Certified in Risk and Information Systems Control CRISC Question # 196 Topic 20 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 196 Topic 20 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval