CRISC Certified in Risk and Information Systems Control – Question088

Which of the following represents lack of adequate controls?

A.
Vulnerability
B. Threat
C. Asset
D. Impact

Correct Answer: A

Explanation:

Explanation:
Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to the information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Hence lack of adequate controls represents vulnerability and would ultimately cause threat to the enterprise.
Incorrect Answers:
B: Threat is the potential cause of unwanted incident.
C: Assets are economic resources that are tangible or intangible, and is capable of being owned or controlled to produce value.
D: Impact is the measure of the financial loss that the threat event may have.