Certified in Risk and Information Systems Control (CRISC) — Question 127
After mapping generic risk scenarios to organizational security policies, the NEXT course of action should be to:
Answer options
- A. record risk scenarios in the risk register for analysis
- B. validate the risk scenarios for business applicability
- C. reduce the number of risk scenarios to a manageable set
- D. perform a risk analysis on the risk scenarios
Correct answer: B
Explanation
Option B is correct because the identified risk scenarios must be confirmed as relevant to the business context before any further action is taken. The other options are related risk management activities, but none of them directly addresses validating business applicability, which is crucial at this stage.