Certified in Risk and Information Systems Control (CRISC) — Question 292

A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

Answer options

• A. An increase in attempted distributed denial of service (DDoS) attacks
• B. An increase in attempted website phishing attacks
• C. A decrease in remediated web security vulnerabilities
• D. A decrease in achievement of service level agreements (SLAs)

Correct answer: D

Explanation

The correct answer is D, as a decrease in the achievement of service level agreements (SLAs) directly impacts service reliability and customer trust, which is critical for a provider with a low risk appetite. While increases in DDoS attacks and phishing attempts (options A and B) indicate threats, they do not immediately affect service performance as much as failing to meet SLAs does. Option C, a decrease in remediated vulnerabilities, suggests potential security issues but does not have the immediate operational impact that SLA failures do.