Certified in Risk and Information Systems Control (CRISC) — Question 470

An organization has recently hired a large number of part-time employees. During the annual audit, it was discovered that many user IDs and passwords were documented in procedure manuals for use by the part-time employees. Which of the following BEST describes this situation?

Answer options

• A. Risk
• B. Policy violation
• C. Threat
• D. Vulnerability

Correct answer: D

Explanation

This situation is classified as a Vulnerability because it exposes the organization to potential security breaches due to the improper documentation of sensitive information. The other options do not accurately reflect the nature of the problem: 'Risk' refers to the potential for loss, 'Policy violation' pertains to breaking established protocols, and 'Threat' indicates a potential danger, but does not specifically address the documentation issue.