Certified in Risk and Information Systems Control (CRISC) — Question 357

Which of the following would BEST mitigate an identified risk scenario?

Answer options

• A. Establishing an organization's risk tolerance
• B. Conducting awareness training
• C. Performing periodic audits
• D. Executing a risk response plan

Correct answer: D

Explanation

Executing a risk response plan is the most effective approach as it involves specific actions tailored to address the identified risk. The other options, while important, do not directly implement solutions to mitigate the risk; they focus on awareness, audits, and establishing a tolerance level.