Certified in Risk and Information Systems Control (CRISC) — Question 455

Which of the following elements of a risk register is MOST useful to share with key stakeholders to influence informed decision-making?

Answer options

• A. Threat source
• B. Risk owner
• C. Control owner
• D. Mitigation plan

Correct answer: D

Explanation

The mitigation plan is crucial because it outlines the strategies for addressing identified risks, helping stakeholders understand how risks will be managed. In contrast, the threat source, risk owner, and control owner provide context and responsibility but do not directly inform stakeholders about actions being taken to mitigate risks.