Isaca Certified in Risk and Information Systems Control CRISC Question # 380 Topic 39 Discussion

CRISC Exam Topic 39 Question 380 Discussion:

Question #: 380

Topic #: 39

The operational risk associated with attacks on a web application should be owned by the individual in charge of:

network operations.

the cybersecurity function.

application development.

the business function.

Get Premium CRISC Questions

Explanation

The operational risk associated with attacks on a web application should be owned by the individual in charge of the business function, because they are the primary stakeholder and beneficiary of the web application, and they are responsible for defining and achieving the business objectives and requirements that the web application supports or enables. Anoperational risk is a risk of loss or damage resulting from inadequate or failed internal processes, people, or systems, or from external events. An attack on a web application is a type of operational risk that involves a malicious or unauthorized attempt to compromise the confidentiality, integrity, or availability of the web application, such as a denial-of-service attack, a SQL injection attack, or a cross-site scripting attack. A web application is an application that runs on a web server and can be accessed or used through a web browser, such as an online shopping site, a social media platform, or a web-based email service. A business function is a set of activities or tasks that support or enable the organization’s vision, mission, and strategy, such as marketing, sales, or customer service. A risk owner is a person or role that has the authority and accountability to manage a specific risk, and to implement and monitor the risk response and controls. The individual in charge of the business function should be the risk owner, as they have the best understanding and interest of the web application and its business value and impact, and they have the ability and responsibility to manage the operational risk associated with the attacks on the web application. The individual in charge of network operations, the cybersecurity function, or application development are all possible candidates for the risk owner, but they are not the best choice, as they may not have the same level of stake and influence in the web application and its business objectives and requirements, and they may have different orconflicting priorities or perspectives on the operational risk and its management. References = Risk and Information Systems Control Study Manual, Chapter 3, Section 3.4.1, page 101

Actual exam question for Isaca CRISC exam by Milo6369 at Aug 3, 2025, 11:24:03 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certified in Risk and Information Systems Control CRISC Question # 380 Topic 39 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 380 Topic 39 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certified in Risk and Information Systems Control CRISC Question # 380 Topic 39 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 380 Topic 39 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval