Certified in Risk and Information Systems Control (CRISC) — Question 350

An organization has completed a project to implement encryption on all databases that host customer data. Which of the following elements of the risk register should be updated to reflect this change?

Answer options

• A. Risk tolerance
• B. Inherent risk
• C. Risk appetite
• D. Risk likelihood

Correct answer: D

Explanation

Updating the risk likelihood is essential because implementing encryption directly reduces the chances of a data breach, thus affecting the likelihood of risk materializing. The other options, such as risk tolerance and appetite, relate more to the organization's overall stance on risk rather than the specific impacts of encryption on data security.