Certified in Risk and Information Systems Control (CRISC) — Question 1179

When developing a risk awareness training program, which of the following is the BEST way to promote a risk-aware culture?

Answer options

• A. Challenge the effectiveness of business processes.
• B. Illustrate methods to identify threats and vulnerabilities.
• C. Emphasize individual responsibility for managing risk.
• D. Communicate incident escalation procedures.

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of individual responsibility in managing risk, which is crucial for fostering a risk-aware culture. While the other options provide useful information, they do not directly encourage personal accountability, which is essential for an effective risk management environment.