CRISC Certified in Risk and Information Systems Control – Question450

An organization has recently hired a large number of part-time employees. During the annual audit, it was discovered that many user IDs and passwords were documented in procedure manuals for use by the part-time employees. This situation would be considered:

A.
a risk
B. an incident
C. a threat
D. a vulnerability

Correct Answer: D