Isaca's CRISC An organization has outsourced its IT security operations to a third party. Who is ULTIMATELY accountable for the risk associated with the outsourced operations?
#421
Answer: B
IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation. Which of the following materials would be MOST helpful?
#422
Answer: C
In an organization dependent on data analytics to drive decision-making, which of the following would BEST help to minimize the risk associated with inaccurate data?
#423
Answer: A
Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?
#424
Answer: A
Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?
#425
Answer: D
Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?
#426
Answer: D
Which of the following is the GREATEST benefit of analyzing logs collected from different systems?
#427
Answer: C
Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?
#428
Answer: A
When developing a new risk register, a risk practitioner should focus on which of the following risk management activities?
#429
Answer: B
The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager's BEST approach to this request before sharing the register?
#430
Answer: A
Which of the following is MOST effective against external threats to an organization's confidential information?
#431
Answer: B
Which of the following will BEST ensure that information security risk factors are mitigated when developing in-house applications?
#432
Answer: C
A risk practitioner has identified that the organization's secondary data center does not provide redundancy for a critical application. Who should have the authority to accept the associated risk?
#433
Answer: B
The GREATEST concern when maintaining a risk register is that:
#434
Answer: B
Which of the following would BEST help an enterprise prioritize risk scenarios?
#435
Answer: D
Which of the following is MOST useful when communicating risk to management?
#436
Answer: B
Which of the following should be the PRIMARY input when designing IT controls?
#437
Answer: A
A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?
#438
Answer: B
A key risk indicator (KRI) is reported to senior management on a periodic basis as exceeding thresholds, but each time senior management has decided to take no action to reduce the risk. Which of the following is the MOST likely reason for senior management's response?
#439
Answer: B
Which of the following should be the HIGHEST priority when developing a risk response?
#440
Answer: B
Risk mitigation procedures should include:
#441
Answer: C
Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails. Which of the following can BEST alleviate this issue while not sacrificing security?
#442
Answer: C
Which of the following would be the BEST key performance indicator (KPI) for monitoring the effectiveness of the IT asset management process?
#443
Answer: D
The MAIN purpose of having a documented risk profile is to:
#444
Answer: A
Which of the following is the MOST important foundational element of an effective three lines of defense model for an organization?
#445
Answer: D
Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?
#446
Answer: C
Which of the following is MOST critical to the design of relevant risk scenarios?
#447
Answer: A
Which of the following will BEST mitigate the risk associated with IT and business misalignment?
#448
Answer: C
Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?
#449
Answer: D
An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan. Which of the following is the risk practitioner's BEST course of action?