Isaca's CRISC Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?
#301
Answer: C
Isaca's CRISC Risk management strategies are PRIMARILY adopted to:
#302
Answer: B
Isaca's CRISC Which of the following is the BEST way to mitigate the risk associated with fraudulent use of an enterprise's brand on Internet sites?
#303
Answer: D
Isaca's CRISC Which of the following is the GREATEST risk associated with using unmasked data for testing purposes?
#304
Answer: A
Isaca's CRISC An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?
#305
Answer: D
Isaca's CRISC Which of the following is a KEY outcome of risk ownership?
#306
Answer: B
Isaca's CRISC Which of the following should be an element of the risk appetite of an organization?
#307
Answer: A
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability management process?
#308
Answer: A
Isaca's CRISC An organization operates in a jurisdiction where heavy fines are imposed for leakage of customer data. Which of the following provides the BEST input to assess the inherent risk impact?
#309
Answer: A
Isaca's CRISC An organization has allowed its cyber risk insurance to lapse while seeking a new insurance provider. The risk practitioner should report to management that the risk has been:
#310
Answer: A
Isaca's CRISC A risk assessment has identified that an organization may not be in compliance with industry regulations. The BEST course of action would be to:
#311
Answer: B
Isaca's CRISC What is the BEST information to present to business control owners when justifying costs related to controls?
#312
Answer: A
Isaca's CRISC Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?
#313
Answer: C
Isaca's CRISC An organization is considering acquiring a new line of business and wants to develop new IT risk scenarios to guide its decisions. Which of the following would add the MOST value to the new risk scenarios?
#314
Answer: D
Isaca's CRISC For the first time, the procurement department has requested that IT grant remote access to third-party suppliers. Which of the following is the BEST course of action for IT in responding to the request?
#315
Answer: A
Isaca's CRISC Which of the following is the BEST control to detect an advanced persistent threat (APT)?
#316
Answer: D
Isaca's CRISC What is the PRIMARY reason to periodically review key performance indicators (KPIs)?
#317
Answer: B
Isaca's CRISC Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?
#318
Answer: C
Isaca's CRISC To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:
#319
Answer: A
Isaca's CRISC From a risk management perspective, the PRIMARY objective of using maturity models is to enable:
#320
Answer: D
Isaca's CRISC Which of the following is the BEST indication of an effective risk management program?
#321
Answer: C
Isaca's CRISC A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?
#322
Answer: D
Isaca's CRISC Participants in a risk workshop have become focused on the financial cost to mitigate risk rather than choosing the most appropriate response. Which of the following is the BEST way to address this type of issue in the long term?
#323
Answer: C
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?
#324
Answer: D
Isaca's CRISC In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:
#325
Answer: D
Isaca's CRISC Which of the following would be MOST useful when measuring the progress of a risk response action plan?
#326
Answer: C
Isaca's CRISC An organization uses a vendor to destroy hard drives. Which of the following would BEST reduce the risk of data leakage?
#327
Answer: C
Isaca's CRISC When evaluating enterprise IT risk management, it is MOST important to:
#328
Answer: D
Isaca's CRISC Which of the following is MOST important to communicate to senior management during the initial implementation of a risk management program?
#329
Answer: C
Isaca's CRISC Which of the following should be management's PRIMARY consideration when approving risk response action plans?