CRISC Certified in Risk and Information Systems Control – Question 155

Capability maturity models are used by an enterprise to rate itself on a scale from the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?

A. Level 2
B. Level 0
C. Level 3
D. Level 1

Correct Answer: B

Explanation:
Level 0 (nonexistent): An enterprise’s risk management capability maturity level is 0 when:

  • The enterprise does not recognize the need to consider the risk management or the business impact from IT risk.
  • Decisions involving risk lack credible information.
  • Awareness of external requirements for risk management and integration with enterprise risk management (ERM) do not exist.

Incorrect Answers: A, C, D: These are all higher levels of the capability maturity model, at which the enterprise is mature enough to recognize the importance of risk management.