Certified in Risk and Information Systems Control (CRISC) — Question 549

When developing a response plan to address security incidents regarding sensitive data loss; it is MOST important to:

Answer options

• A. revalidate existing risk scenarios.
• B. revalidate current key risk indicators (KRIs).
• C. review the data classification policy.
• D. revise risk management procedures.

Correct answer: C

Explanation

The correct answer is C because reviewing the data classification policy ensures that sensitive data is properly identified and handled according to its classification level. The other options, while important, do not directly address the immediate need to ensure the protection of sensitive data during a security incident.