Certified in Risk and Information Systems Control (CRISC) — Question 1132

An enterprise has taken delivery of software patches that address vulnerabilities in its core business software. Prior to implementation, which of the following is the MOST important task to be performed?

Answer options

• A. Seek information from the software vendor to enable effective application of the patches.
• B. Assess the impact of applying the patches on the production environment.
• C. Determine in advance an off-peak period to apply the patches.
• D. Survey other enterprises regarding their experiences with applying these patches.

Correct answer: B

Explanation

The correct answer is B because assessing the impact of the patches on the production environment is crucial to avoid disruptions. While seeking vendor information (A) and determining an off-peak time (C) are important, they do not take precedence over understanding how the patches will affect operations. Surveying other enterprises (D) can provide insights but does not directly address the immediate impact on the specific environment.