ISACA Certified in Risk and Information Systems Control CRISC Question # 279 Topic 28 Discussion
An organization's risk management team wants to develop IT risk scenarios to show the impact of collecting and storing credit card information. Which of the following is the MOST comprehensive approach to capture this scenario?
According to the ISACA Risk and Information Systems Control study guide and handbook, the most comprehensive approach to capture the risk scenario of collecting and storing credit card information is event tree analysis (ETA). ETA is a forward, top-down, logical modeling technique that explores the responses and outcomes of a single initiating event, such as a data breach or a cyberattack. ETA can help to identify all possible consequences of the scenario, such as financial losses, reputational damages, legal liabilities, regulatory penalties, and customer dissatisfaction. ETA can also help to assess the probabilities of the outcomes and the effectiveness of the controls and mitigation strategies. [1][2]
1: ISACA Risk and Information Systems Control Study Guide, 4th Edition, page 33
2: ISACA Risk and Information Systems Control Handbook, 1st Edition, page 25