Certified in Risk and Information Systems Control (CRISC) — Question 512

Which of the following provides the MOST mitigation value for an organization implementing new Internet of Things (IoT) devices?

Answer options

• A. Implementing key risk indicators (KRIs) for IoT devices
• B. Designing IoT architecture with IT security controls from the start
• C. Performing a vulnerability assessment on the IoT devices
• D. Creating an IoT-specific risk register

Correct answer: B

Explanation

Option B is correct because integrating IT security controls into the IoT architecture from the outset significantly reduces vulnerabilities. While KRIs, vulnerability assessments, and risk registers are useful, they are reactive measures and do not provide the foundational security that proactive design does.