Certified in Risk and Information Systems Control (CRISC) — Question 542

When performing a risk assessment of a new service to support a core business process, which of the following should be done FIRST to ensure continuity of operations?

Answer options

• A. Identity conditions that may cause disruptions.
• B. Evaluate the probability of risk events.
• C. Review incident response procedures.
• D. Define metrics for restoring availability.

Correct answer: A

Explanation

The first step in a risk assessment is to identify conditions that could lead to disruptions, making option A the correct choice. Options B, C, and D are important steps but come after identifying potential disruption conditions, as you need to know what risks you face before evaluating their probabilities or planning responses.