CRISC Certified in Risk and Information Systems Control – Question293
You are the risk professional in Bluewell Inc. You have identified a risk and want to implement a specific risk mitigation activity. What you should PRIMARILY utilize? A. Vulnerability assessment report B. Business case C. Technical evaluation report D. Budgetary requirements
Correct Answer: B
Explanation:
Explanation:
As business case includes business need (like new product, change in process, compliance need, etc.) and the requirements of the enterprise (new technology, cost, etc.), risk professional should utilize this for implementing specific risk mitigation activity. Risk professional must look at the costs of the various controls and compare them against the benefits that the organization will receive from the risk response. Hence he/she needs to have knowledge of business case development to illustrate the costs and benefits of the risk response.
Incorrect Answers: A, C, D: These all options are supplemental.
Please disable your adblocker or whitelist this site!