Certified in Risk and Information Systems Control (CRISC) — Question 402

Which of the following is MOST likely to be impacted as a result of a new policy which allows staff members to remotely connect to the organization's IT systems via personal or public computers?

Answer options

• A. Risk tolerance
• B. Risk appetite
• C. Inherent risk
• D. Key risk indicator (KRI)

Correct answer: C

Explanation

The correct answer is C, Inherent risk, as allowing remote access through personal or public computers increases the potential for security vulnerabilities. Options A and B refer to organizational attitudes towards risk rather than the direct impact of the policy, while D, Key risk indicator (KRI), is a measure used to assess risk rather than a concept that would be directly impacted.