Certified in Risk and Information Systems Control (CRISC) — Question 384
Which of the following provides the MOST reliable information to ensure a newly acquired company has appropriate IT controls in place?
Answer options
- A. Vulnerability assessment
- B. Information system audit
- C. Penetration testing
- D. IT risk assessment
Correct answer: D
Explanation
An IT risk assessment is the most effective way to identify and evaluate the risks associated with IT controls in a newly acquired company. It provides a comprehensive overview of the potential risks and existing controls, whereas a vulnerability assessment, information system audit, and penetration testing focus more on specific aspects of security rather than the overall risk landscape.