Isaca's CRISC Which of the following is the PRIMARY consideration when establishing an organization's risk management methodology?
#241
Answer: D
Isaca's CRISC Which of the following is the BEST metric to demonstrate the effectiveness of an organization's change management process?
#242
Answer: C
Isaca's CRISC Which of the following is MOST helpful in developing key risk indicator thresholds?
#243
Answer: A
Isaca's CRISC What is the PRIMARY reason to categorize risk scenarios by business process?
#244
Answer: C
Isaca's CRISC Which of the following BEST indicates the effectiveness of an organization's data loss prevention (DLP) program?
#245
Answer: B
Isaca's CRISC An organization has outsourced its IT security management function to an external service provider. The BEST party to own the IT security controls under this arrangement is the:
#246
Answer: A
Isaca's CRISC Which of the following is the FIRST step in managing the security risk associated with wearable technology in the workplace?
#247
Answer: C
Isaca's CRISC A risk practitioner has populated the risk register with industry-based generic risk scenarios to be further assessed by risk owners. Which of the following is the GREATEST concern with this approach?
#248
Answer: D
Isaca's CRISC An identified high-probability risk scenario involving a critical, proprietary business function has an annualized cost of control higher than the annual loss expectancy (ALE). Which of the following is the BEST risk response?
#249
Answer: C
Isaca's CRISC Which of the following should be the PRIMARY focus of an IT risk awareness program?
#250
Answer: A
Isaca's CRISC Which of the following is the BEST indicator of an effective IT security awareness program?
#251
Answer: A
Isaca's CRISC Which of the following is the MOST important benefit of key risk indicators (KRIs)?
#252
Answer: B
Isaca's CRISC Which of the following is the GREATEST concern associated with redundant data in an organization's inventory system?
#253
Answer: A
Isaca's CRISC Employees are repeatedly seen holding the door open for others, so that trailing employees do not have to stop and swipe their own ID badges. This behavior BEST represents:
#254
Answer: A
Isaca's CRISC Which of the following would BEST help minimize the risk associated with social engineering threats?
#255
Answer: D
Isaca's CRISC When reviewing a business continuity plan (BCP), which of the following would be the MOST significant deficiency?
#256
Answer: D
Isaca's CRISC An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:
#257
Answer: D
Isaca's CRISC Which of the following should be the PRIMARY objective of promoting a risk-aware culture within an organization?
#258
Answer: A
Isaca's CRISC An organization has experienced several incidents of extended network outages that have exceeded tolerance. Which of the following should be the risk practitioner's FIRST step to address this situation?
#259
Answer: A
Isaca's CRISC Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited. Which of the following would be the BEST response to this scenario?
#260
Answer: D
Isaca's CRISC The compensating control that MOST effectively addresses the risk associated with piggybacking into a restricted area without a dead-man door is:
#261
Answer: D
Isaca's CRISC During the risk assessment of an organization that processes credit cards, a number of existing controls have been found to be ineffective and do not meet industry standards. The overall control environment may still be effective if:
#262
Answer: C
Isaca's CRISC An IT control gap has been identified in a key process. Who would be the MOST appropriate owner of the risk associated with this gap?
#263
Answer: A
Isaca's CRISC Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?
#264
Answer: D
Isaca's CRISC An assessment of information security controls has identified ineffective controls. Which of the following should be the risk practitioner's FIRST course of action?
#265
Answer: C
Isaca's CRISC Which of the following is the GREATEST advantage of implementing a risk management program?
#266
Answer: C
Isaca's CRISC Which of the following should be of MOST concern to a risk practitioner reviewing findings from a recent audit of an organization's data center?
#267
Answer: A
Isaca's CRISC A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?
#268
Answer: D
Isaca's CRISC When developing risk scenarios, it is MOST important to ensure they are:
#269
Answer: C
Isaca's CRISC An organization is planning to acquire a new financial system. Which of the following stakeholders would provide the MOST relevant information for analyzing the risk associated with the new IT solution?