CRISC Certified in Risk and Information Systems Control – Question689

When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:

A.
security policies.
B. process maps.
C. risk tolerance level,
D. risk appetite.

Correct Answer: A