Isaca Certified in Risk and Information Systems Control CRISC Question # 386 Topic 39 Discussion
CRISC Exam Topic 39 Question 386 Discussion:
Question #: 386
Topic #: 39
A risk manager has determined there is excessive risk with a particular technology. Who is the BEST person to own the unmitigated risk of the technology?
The best person to own the unmitigated risk of the technology is the IT system owner. The IT system owner is the person or entity that has the authority and responsibility for the acquisition, development, maintenance, and operation of the IT system. The IT system owner is also responsible for ensuring that the IT system meets the business requirements, security standards, and compliance obligations of the enterprise. The IT system owner should own the unmitigated risk of the technology, as they are in the best position to understand the nature and impact of the risk, and to implement the appropriate risk responses to reduce the risk exposure to an acceptable level. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 1, Section 1.3.1, page 251234
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit