Certified in Risk and Information Systems Control (CRISC) — Question 1265
A risk assessment has revealed that the probability of a successful cybersecurity attack is increasing. The potential loss could exceed the organization’s risk appetite. Which of the following would be the MOST effective course of action?
Answer options
- A. Purchase cybersecurity insurance
- B. Re-evaluate the organization’s risk appetite
- C. Outsource the cybersecurity function
- D. Review cybersecurity incident response procedures
Correct answer: D
Explanation
The correct answer is D because reviewing cybersecurity incident response procedures ensures that the organization is prepared to effectively manage and mitigate the impact of a cyberattack. Options A, B, and C may provide support or alternate strategies, but they do not directly enhance the immediate readiness and response capabilities necessary to handle an increasing threat.