CRISC Certified in Risk and Information Systems Control – Question772

Several network user accounts were recently created without the required management approvals. Which of the following would be the risk practitioner's BEST recommendation to address this situation?

A.
Investigate the root cause of noncompliance.
B. Declare a security breach and inform management.
C. Develop incident response procedure for noncompliance.
D. Conduct a comprehensive compliance review.

Correct Answer: A