Isaca Certified in Risk and Information Systems Control CRISC Question # 285 Topic 29 Discussion
Question #: 285
Topic #: 29
A risk practitioner is evaluating policies defined by an organization as part of its IT security framework. Which of the following would be of GREATEST concern?
A. Lack of alignment with global security standards
B. Inadequate policy enforcement
C. Lack of a single repository for security procedures
CRISC emphasizes that the effectiveness of policies depends on enforcement. Even well-written, standards-aligned policies have no value if they are not consistently followed. Lack of enforcement allows inconsistent behavior, increases control breakdowns, and undermines risk governance. Alignment with global standards is beneficial but not essential for effectiveness. A missing repository creates administrative inefficiencies but does not directly increase risk. Higher cost is a business consideration but not a risk governance concern. Insufficient enforcement is the most critical issue because it directly leads to risk exposure and control failure.