Certified in Risk and Information Systems Control (CRISC) — Question 1382
A trusted third-party service provider has determined that the risk of a client's systems being hacked is low. Which of the following would be the client's BEST course of action?
Answer options
- A. Perform an independent audit of the third party.
- B. Accept the risk based on the third party's risk assessment.
- C. Perform their own risk assessment.
- D. Implement additional controls to address the risk.
Correct answer: C
Explanation
The best approach for the client is to conduct their own risk assessment (C) to gain a comprehensive understanding of their unique security posture. Relying solely on the third party's assessment (B) may overlook specific vulnerabilities the client faces. While performing an independent audit (A) or implementing additional controls (D) might be beneficial, they do not directly address the need for the client to evaluate their risk independently.