Certified in Risk and Information Systems Control (CRISC) — Question 313

The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:

Answer options

• A. vulnerabilities.
• B. detected incidents.
• C. inherent risk.
• D. residual risk.

Correct answer: D

Explanation

The correct answer is D, as articulating the reduction in residual risk directly relates to the effectiveness of the control implementation in minimizing the potential impact of threats. While vulnerabilities, detected incidents, and inherent risk are important, they do not provide as clear a picture of the actual risk that remains after controls are applied, which is what senior management is most concerned about.