Certified in Risk and Information Systems Control (CRISC) — Question 1416

An organization operates in a jurisdiction where heavy fines are imposed for leakage of customer data. Which of the following provides the BEST input to assess the inherent risk impact?

Answer options

• A. Number of customer records held
• B. Number of databases that host customer data
• C. Number of encrypted customer databases
• D. Number of staff members having access to customer data

Correct answer: A

Explanation

The correct answer is A, as the number of customer records held directly correlates to the potential impact of a data breach, making it the most significant factor in assessing inherent risk. Options B, C, and D are relevant but less critical since they do not provide a direct measure of the potential exposure of sensitive customer information.