Certified in Risk and Information Systems Control (CRISC) — Question 1011
An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:
Answer options
- A. communicate the consequences for violations
- B. implement industry best practices
- C. reduce the organization's risk appetite
- D. reduce the risk to an acceptable level
Correct answer: D
Explanation
The correct answer is D: the primary goal of a risk awareness program is to reduce risk to a level that the organization can accept. Options A, B, and C focus on aspects that are important but do not directly address the core aim of risk mitigation.