Certified in Risk and Information Systems Control (CRISC) — Question 181
Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?
Answer options
- A. Gather scenarios from senior management
- B. Derive scenarios from IT risk policies and standards
- C. Benchmark scenarios against industry peers
- D. Map scenarios to a recognized risk management framework
Correct answer: D
Explanation
The best approach is to map scenarios to a recognized risk management framework, because this ensures that the scenarios are comprehensive and structured according to best practices. Gathering scenarios from senior management (A) may not cover all aspects, deriving them from IT risk policies and standards (B) could be too narrow, and benchmarking against industry peers (C) might not address unique organizational risks.