Certified in Risk and Information Systems Control (CRISC) — Question 572

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?

Answer options

• A. The cost associated with incident response activities
• B. The maximum levels of applicable regulatory fines
• C. The composition and number of records in the information asset
• D. The length of time between identification and containment of the incident

Correct answer: B

Explanation

The maximum levels of applicable regulatory fines are critical because they represent the potential financial impact of a data loss incident, which can significantly affect an organization. While incident response costs, record composition, and containment time are important, they do not have the same direct financial implications as regulatory fines.