Certified in Risk and Information Systems Control (CRISC) — Question 1427

An organization is considering an Internet of Things (IoT) technology solution to manage its supply chain. Which of the following presents the GREATEST risk to the organization in this situation?

Answer options

• A. IoT devices with hard-coded passwords
• B. Lack of physical hardening
• C. Lack of regulatory guidance regarding IoT
• D. Outdated out-of-the-box IoT firmware

Correct answer: A

Explanation

IoT devices with hard-coded passwords are particularly vulnerable as these passwords can be easily exploited, leading to unauthorized access. While the other options represent risks, they do not directly compromise device security as severely as hard-coded passwords do. Therefore, this option poses the greatest risk in managing supply chain security.