CRISC Certified in Risk and Information Systems Control – Question589

Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?

A.
Control self-assessment (CSA)
B. Vulnerability and threat analysis
C. User acceptance testing (UAT)
D. Control remediation planning

Correct Answer: B