Certified in Risk and Information Systems Control (CRISC) — Question 1380

Which of the following would present the MOST significant risk to an organization when updating the incident response plan?

Answer options

• A. Undefined assignment of responsibility
• B. Obsolete response documentation
• C. Increased stakeholder turnover
• D. Failure to audit third-party providers

Correct answer: A

Explanation

Undefined assignment of responsibility can lead to confusion during an incident, as team members may not know their roles. While obsolete documentation, stakeholder turnover, and third-party audits are important, they do not create as immediate and critical a risk as unclear responsibilities in an incident response scenario.