Certified in Risk and Information Systems Control (CRISC) — Question 169

Which of the following should be implemented to BEST mitigate the risk associated with infrastructure updates?

Answer options

• A. Change management audit
• B. Change control process
• C. Role-specific technical training
• D. Risk assessment

Correct answer: B

Explanation

The change control process is crucial as it ensures that all changes are reviewed, approved, and documented, minimizing potential disruptions. While a change management audit and risk assessment are important, they do not directly manage the changes as effectively as a structured change control process. Role-specific technical training is beneficial but does not address the risks associated with the updates themselves.