Certified in Risk and Information Systems Control (CRISC) — Question 1157

Which of the following is MOST important for a risk practitioner to review during an IT risk assessment?

Answer options

• A. Information system control weaknesses and audit findings
• B. Information system assets and associated threats
• C. The organization's historical threats and monetary loss
• D. Published records of loss from peer organizations

Correct answer: B

Explanation

The most critical aspect for a risk practitioner to review is the information system assets and associated threats, as understanding these elements helps identify vulnerabilities and prioritize risk management efforts. While control weaknesses, historical threats, and peer loss records can provide context, they do not directly address the current risk landscape as effectively as identifying assets and their threats.