Certified in Risk and Information Systems Control (CRISC) — Question 152

Malware has recently affected an organization. The MOST effective way to resolve this situation and define a comprehensive risk treatment plan would be to perform:

Answer options

• A. a vulnerability assessment.
• B. a root cause analysis.
• C. an impact assessment.
• D. a gap analysis.

Correct answer: B

Explanation

A root cause analysis is crucial as it identifies the underlying reasons for the malware infection, allowing the organization to address the problem effectively. While a vulnerability assessment, impact assessment, and gap analysis provide valuable information, they do not directly tackle the core issue that led to the malware infection.