Certified in Risk and Information Systems Control (CRISC) — Question 1112

When assembling IT risk scenarios, it is MOST important that the scenarios:

Answer options

• A. describe worst-case situations and the inherent likelihood of risk.
• B. are linked to relevant business risk and corresponding information classification.
• C. can be used for efficient risk identification and subsequent risk analysis.
• D. consider the information criteria efficiency, effectiveness, and availability.

Correct answer: B

Explanation

The correct answer is B because linking scenarios to relevant business risk ensures that the risks identified are meaningful and applicable to the organization's context. Options A, C, and D, while relevant, do not address the importance of aligning risk scenarios with business objectives and information classification.