Certified in Risk and Information Systems Control (CRISC) — Question 1099

Which of the following is the BEST risk management approach for the strategic IT planning process?

Answer options

• A. The IT strategic plan is developed from the organization-wide risk management plan.
• B. Risk scenarios associated with IT strategic initiatives are identified and assessed.
• C. Key performance indicators (KPIs) are established to track IT strategic initiatives.
• D. The IT strategic plan is reviewed by the chief information security officer (CISO) and enterprise risk management (ERM).

Correct answer: B

Explanation

Option B is correct because identifying and assessing risk scenarios helps in understanding potential challenges that may affect IT strategic initiatives. The other options, while relevant to risk management, do not directly address the proactive identification and evaluation of risks associated with those initiatives.