CompTIA CASP+ (CAS-004) — Question 430
As part of an organizational risk assessment, the compliance officer has worked with business unit leaders to identify risks and assess impacts to the organization. Which of the following activities should be performed next?
Answer options
- A. Review risks and assign remediation activities to stakeholders.
- B. Mitigate risk by obtaining a cyber insurance policy.
- C. Perform a gap analysis against application regulatory requirements.
- D. Use a business impact analysis to quantify the ROI for risk mitigation.
Correct answer: A
Explanation
The correct answer is A. Once risks have been identified and their impacts assessed, the next step is to review the identified risks and assign specific remediation activities to the relevant stakeholders, which establishes accountability for treating each risk. Options B and C describe activities (purchasing cyber insurance, performing a regulatory gap analysis) that do not directly follow the risk assessment, while D focuses on quantifying ROI, which is less immediate than addressing the identified risks.