CompTIA CASP+ (CAS-003) — Question 219

The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

Answer options

• A. IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls
• B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness
• C. corporate general counsel requires a single system boundary to determine overall corporate risk exposure
• D. major risks identified by the subcommittee merit the prioritized allocation of scare funding to address cybersecurity concerns

Correct answer: B

Explanation

The correct answer is B because risks in one business unit can have unforeseen impacts on others, which emphasizes the need for a centralized view. Options A, C, and D do not capture the importance of interconnected risks across business units, focusing instead on risk isolation, legal boundaries, and funding priorities, respectively.