CRISC Certified in Risk and Information Systems Control – Question 841

A new international data privacy regulation requires personal data to be disposed of after the specified retention period, which is different from the local regulatory requirement. Which of the following is the risk practitioner's BEST recommendation to resolve the disparity?

A. Adopt the international standard.
B. Adopt the standard determined by legal counsel.
C. Adopt the local standard.
D. Adopt the least stringent standard determined by the risk committee.

Correct Answer: B

CRISC Certified in Risk and Information Systems Control – Question 836

A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration when establishing a contingency plan and an alternate processing site?

A. The alternative site does not reside on the same fault no matter how far the distance apart.
B. The contingency plan provides for backup media to be taken to the alternative site.
C. The contingency plan for high priority applications does not involve a shared cold site.
D. The alternative site is a hot site with equipment ready to resume processing immediately.

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question 835

Which of the following is the GREATEST benefit of updating the risk register to include outcomes from a risk assessment?

A. It facilitates timely risk-based decisions.
B. It helps to mitigate internal and external risk factors.
C. It validates the organization’s risk appetite.
D. It maintains evidence of compliance with risk policy.

Correct Answer: A