Isaca Certified in Risk and Information Systems Control CRISC Question # 25 Topic 3 Discussion

CRISC Exam Topic 3 Question 25 Discussion:

Question #: 25

Topic #: 3

Which of the following would BEST enable mitigation of newly identified risk factors related to internet of Things (loT)?

Introducing control procedures early in the life cycle

Implementing loT device software monitoring

Performing periodic risk assessments of loT

Performing secure code reviews

Get Premium CRISC Questions

Explanation

The BEST way to enable mitigation of newly identified risk factors related to internet of Things (loT) is to introduce control procedures early in the life cycle, because it can help to prevent or reduce the occurrence or impact of the risk factors, and to ensure that the loT devices and systems are designed and developed with security and quality in mind. The control procedures should include requirements analysis, design review, testing, validation, and verification of the loT devices and systems. The other options are not as effective as introducing control procedures early in the life cycle, because:

Option B: Implementing loT device software monitoring is a good way to detect and respond to the risk factors related to loT, but it does not enable mitigation of the risk factors, which is the proactive and preventive approach. Software monitoring is a reactive and corrective measure that may not be able to prevent or reduce the occurrence or impact of the risk factors, especially if they are embedded in the hardware or firmware of the loT devices.

Option C: Performing periodic risk assessments of loT is a necessary way to identify and evaluate the risk factors related to loT, but it does not enable mitigation of the risk factors, which is the action-oriented and solution-focused approach. Risk assessment is an analytical and descriptive process that may not provide the specific and effective measures to address or mitigate the risk factors, especially if they are complex or dynamic.

Option D: Performing secure code reviews is a useful way to verify and improve the security and quality of the software of the loT devices and systems, but it does not enable mitigation of the risk factors related to loT, which may involve more than just the software aspect. The risk factors related to loT may also include the hardware, firmware, network, communication, data, andintegration aspects, which may not be covered or resolved by the code reviews. References = Risk and Information Systems Control Study Manual, 7th Edition, ISACA, 2020, p. 214.

Actual exam question for Isaca CRISC exam by Arlo8294 at Aug 3, 2025, 8:49:51 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certified in Risk and Information Systems Control CRISC Question # 25 Topic 3 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 25 Topic 3 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certified in Risk and Information Systems Control CRISC Question # 25 Topic 3 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 25 Topic 3 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval