CRISC Certified in Risk and Information Systems Control – Question162

You are the project manager of GHT project. You have implemented an automated tool to analyze and report on access control logs based on severity. This tool generates excessively large amounts of results. You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical". What you should do in order to fulfill that?

A.
Apply risk response
B. Optimize Key Risk Indicator
C. Update risk register
D. Perform quantitative risk analysis

Correct Answer: B

Explanation:

Explanation:
As the sensitivity of the monitoring tool has to be changed, therefore it requires optimization of Key Risk Indicator. The monitoring tool which is giving alerts is itself acting as a risk indicator. Hence to change the sensitivity of the monitoring tool to give alert only for critical situations requires optimization of the KRI.
Incorrect Answers: A, C, D: These options are not relevant to the change of sensitivity of the monitoring tools.