Certified in Risk and Information Systems Control (CRISC) — Question 1361

A data center has recently been migrated to a jurisdiction where heavy fines will be imposed should leakage of customer personal data occur. Assuming no other changes to the operating environment, which factor should be updated to reflect this situation as an input to scenario development for this particular risk event?

Answer options

• A. Risk impact
• B. Risk appetite
• C. Risk likelihood
• D. Risk capacity

Correct answer: A

Explanation

The correct answer is A, Risk impact, as the potential consequences of a data breach have increased due to the heavy fines. The other options—Risk appetite, Risk likelihood, and Risk capacity—do not directly address the change in severity of the impact resulting from the new jurisdiction's regulations.