Certified in Risk and Information Systems Control (CRISC) — Question 224

Which of the following is MOST important to the successful development of IT risk scenarios?

Answer options

• A. Control effectiveness assessment
• B. Threat and vulnerability analysis
• C. Internal and external audit reports
• D. Cost-benefit analysis

Correct answer: B

Explanation

The correct answer is B because understanding potential threats and vulnerabilities is essential for accurately developing IT risk scenarios. While the other options provide valuable information, they do not directly focus on identifying the risks posed by specific threats and vulnerabilities, which is critical for scenario development.