Certified in Risk and Information Systems Control (CRISC) — Question 1121
A risk assessment of an organization’s architecture reveals that the middleware systems have a severe vulnerability that could compromise the confidentiality of record processing. Which of the following is the risk practitioner's BEST course of action?
Answer options
- A. Recommend additional budget to cover the cost of an upgrade.
- B. Develop a remediation plan with the business process owner.
- C. Escalate the issue to senior management.
- D. Document the issue in the business impact analysis (BIA).
Correct answer: B
Explanation
The best course of action is to develop a remediation plan with the business process owner because it directly addresses the vulnerability and involves the key stakeholders in the solution. While escalating the issue and documenting it are important, they do not actively resolve the vulnerability. Recommending additional budget is also not the immediate priority until a clear plan is in place.