CRISC Certified in Risk and Information Systems Control – Question 238

You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. (Choose three.)

A. Education of staff or business partners
B. Deployment of a threat-specific countermeasure
C. Modification of the technical architecture
D. Apply more controls

Correct Answer: ABC

Explanation:

As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate the risk associated with the new threats. If the existing controls do not work, then facilitate the:

  • Modification of the technical architecture
  • Deployment of a threat-specific countermeasure
  • Implementation of a compensating mechanism or process until mitigating controls are developed
  • Education of staff or business partners

Incorrect Answers:
D: Applying more controls is not a good solution. Additional controls usually complicate the situation.