CRISC Certified in Risk and Information Systems Control – Question 283

You have identified several risks in your project. You have opted for risk mitigation in order to respond to the identified risks. Which of the following ensures that the risk mitigation method you have chosen is effective?

A. Reduction in the frequency of a threat
B. Minimization of inherent risk
C. Reduction in the impact of a threat
D. Minimization of residual risk

Correct Answer: B

Explanation:

The inherent risk of a process is a given and cannot be affected by risk reduction or risk mitigation efforts. Hence it should be reduced as far as possible.
Incorrect Answers:
A: Risk reduction efforts can focus on either avoiding the frequency of the risk or reducing the impact of a risk.
C: Risk reduction efforts can focus on either avoiding the frequency of the risk or reducing the impact of a risk.
D: The objective of risk reduction is to reduce the residual risk to levels below the enterprise’s risk tolerance level.