Performing a threat assessment is the best course of action for a risk practitioner upon learning that regulatory authorities have concerns with an emerging technology that the organization is considering, because it helps to identify and analyze the sources and types of threats that may exploit the vulnerabilities or weaknesses of the technology, and to estimate their likelihood and impact. A threat is a potential event or action that may cause harm or damage to the organization or its objectives, such as a natural disaster, a cyberattack, or a human error. A threat assessment is a process of systematically identifying and assessing the threats that an organization faces, and estimating their probability and severity. An emerging technology is a new or innovative technology that has the potential to disrupt or transform the existing markets, industries, or practices, such as artificial intelligence, blockchain, or biotechnology. An emerging technology may offer benefits such as competitive advantage, efficiency, or creativity, but it may also pose risks such as technical complexity, interoperability issues, regulatory uncertainty, or ethicaldilemmas. Therefore, performing a threat assessment is the best course of action, as it helps to understand and evaluate the threats and their consequences, and to determine the appropriate controls or mitigating factors to reduce or eliminate them. Redesigning key riskindicators (KRIs), updating risk responses, and conducting a SWOT analysis are all possiblecourses of action to perform after performing a threat assessment, but they are not the best course of action, as they depend on the results and recommendations of the threat assessment. References = Risk and Information Systems Control Study Manual, Chapter 3, Section 3.2.2, page 87
Submit