Certified in Risk and Information Systems Control (CRISC) — Question 351
Which of the following is a risk practitioner's BEST recommendation to help ensure cyber risk is assessed and reflected in the enterprise-level risk profile?
Answer options
- A. Conduct cyber risk awareness training tailored specifically for senior management
- B. Implement a cyber risk program based on industry best practices
- C. Manage cyber risk according to the organization's risk management framework
- D. Define cyber roles and responsibilities across the organization
Correct answer: C
Explanation
Managing cyber risk according to the organization's risk management framework ensures that cyber risks are identified, assessed and reported with the same methodology as every other risk, so they are systematically integrated into the enterprise-level risk profile. The other options, while valuable, are supporting measures: awareness training for senior management, a best-practice cyber risk program and defined cyber roles and responsibilities do not by themselves ensure that cyber risk is assessed and reflected in the enterprise-level risk profile as directly as aligning with the existing risk management framework does.