ISACA Certified in Risk and Information Systems Control CRISC Question # 38 Topic 4 Discussion
An organization has experienced several incidents of extended network outages that have exceeded tolerance. Which of the following should be the risk practitioner's FIRST step to address this situation?
A. Recommend additional controls to address the risk.
B. Update the risk tolerance level to acceptable thresholds.
C. Update the incident-related risk trend in the risk register.
The first step for the risk practitioner to address the situation of extended network outages that have exceeded tolerance is to recommend a root cause analysis of the incidents. A root cause analysis is a process of identifying and resolving the underlying causes of a problem or an event. By performing a root cause analysis, the risk practitioner can determine why the network outages occurred, what factors contributed to them, and how they can be prevented or reduced in the future. Recommending additional controls, updating the risk tolerance level, and updating the incident-related risk trend are possible steps that may follow the root cause analysis, but they are not the first step.

References: ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers, question 4; CRISC Review Manual, 6th Edition, page 153.