Certified in Risk and Information Systems Control (CRISC) — Question 1267
Which of the following should be the FIRST course of action if the risk associated with a new technology is found to be increasing?
Answer options
- A. Implement additional controls
- B. Re-evaluate current controls
- C. Revise the current risk action plan
- D. Escalate the risk to senior management
Correct answer: B
Explanation
The correct answer is B because re-evaluating current controls shows how effective the existing measures are before any further action is taken. Implementing additional controls or revising the risk action plan may be premature without first assessing whether the current controls are adequate. Escalating the risk to senior management should also follow a thorough evaluation of existing controls.