Certified in Risk and Information Systems Control (CRISC) — Question 1017

Which of the following is a risk practitioner’s BEST course of action upon learning that regulatory authorities have concerns with an emerging technology the organization is considering?

Answer options

• A. Update risk responses.
• B. Perform a threat assessment.
• C. Redesign key risk indicators (KRIs).
• D. Conduct a SWOT analysis.

Correct answer: B

Explanation

Performing a threat assessment (Option B) is the most appropriate initial step as it helps identify and evaluate potential risks associated with the emerging technology. Updating risk responses, redesigning KRIs, and conducting a SWOT analysis are important but come after understanding the specific threats posed by the technology.