Certified in Risk and Information Systems Control (CRISC) — Question 1452
Which of the following should be the MOST important consideration when determining controls necessary for a highly critical information system?
Answer options
- A. The number of vulnerabilities to the system
- B. The level of acceptable risk to the organization
- C. The organization's available budget
- D. The number of threats to the system
Correct answer: B
Explanation
The most crucial aspect when determining controls for a highly critical information system is the level of acceptable risk to the organization, as it directly influences the required security measures. The numbers of vulnerabilities and threats are important but secondary to understanding how much risk the organization is willing to tolerate. Likewise, while budget constraints are relevant, they should not overshadow the necessity of managing risks effectively.