Certified in Risk and Information Systems Control (CRISC) — Question 1360

An organization wants to improve its logical access controls to address the results of the annual risk assessment. Which of the following should be done FIRST to facilitate this initiative?

Answer options

• A. Review business and operational requirements.
• B. Review roles and entitlements.
• C. Review user access logs.
• D. Review prior access management approval.

Correct answer: A

Explanation

The first step in improving logical access controls is to understand the business and operational requirements, as they provide the foundation for determining what access is necessary. Reviewing roles and entitlements, user access logs, or prior approvals comes after understanding these requirements, making them less critical to address initially.