Certified in Risk and Information Systems Control (CRISC) — Question 395
Which of the following will be the GREATEST concern when assessing the risk profile of an organization?
Answer options
- A. The risk profile does not contain historical loss data.
- B. The risk profile was last reviewed two years ago.
- C. The risk profile was not updated after a recent incident.
- D. The risk profile was developed without using industry standards.
Correct answer: B
Explanation
Option B is the correct answer because a risk profile that has not been reviewed for two years may no longer reflect current threats or vulnerabilities, which makes it a significant concern. The other options highlight issues such as a lack of historical data or outdated information, but they do not carry the same potential for an outdated risk assessment to overlook significant changes in the organization's risk landscape.