Certified in Risk and Information Systems Control (CRISC) — Question 408
A hospital's Internet of Things (IoT) bio-medical devices were recently hacked. Which of the following methods would BEST assist in identifying the control deficiencies?
Answer options
- A. SWOT analysis
- B. Countermeasure analysis
- C. Business impact analysis (BIA)
- D. Gap analysis
Correct answer: D
Explanation
A gap analysis is specifically designed to identify discrepancies between the current state and the desired state of controls, making it the best method for identifying control deficiencies. SWOT analysis focuses on strengths and weaknesses but does not provide a detailed examination of control gaps. Countermeasure analysis looks at existing security measures rather than identifying deficiencies, and business impact analysis (BIA) assesses the potential impact of disruptions instead of control effectiveness.