CRISC Certified in Risk and Information Systems Control – Question833

When establishing an enterprise IT risk management program, it is MOST important to:

A.
review alignment with the organization’s strategy.
B. understand the organization’s information security policy.
C. validate the organization’s data classification scheme.
D. report identified IT risk scenarios to senior management.

Correct Answer: A