Certified in Risk and Information Systems Control (CRISC) — Question 1187

An organization has engaged an external consultant to assess its cybersecurity program. Which of the following findings would be MOST important to address?

Answer options

• A. Lack of a cyber risk profile
• B. Lack of cyber risk awareness training
• C. Lack of a dedicated cybersecurity team
• D. Lack of accountability

Correct answer: D

Explanation

The most critical issue to tackle is the lack of accountability, as it can lead to ineffective risk management and can undermine the overall cybersecurity efforts. While the other findings are important, without accountability, there is no one to ensure that cybersecurity measures are implemented and maintained effectively.