Certified in Risk and Information Systems Control (CRISC) — Question 1092

The operational risk associated with attacks on a web application should be owned by the individual in charge of:

Answer options

• A. network operations.
• B. the cybersecurity function.
• C. application development.
• D. the business function.

Correct answer: D

Explanation

The correct answer is D because operational risk is generally a business concern, and the business function is responsible for the overall risk management strategy. Options A, B, and C focus more on specific technical or functional aspects and do not encompass the broader business implications of operational risk.