Certified in Risk and Information Systems Control (CRISC) — Question 583

The risk associated with a high-risk vulnerability in an application is owned by the:

Answer options

• A. security department.
• B. vendor.
• C. business unit.
• D. IT department.

Correct answer: C

Explanation

The correct answer is C, the business unit, because they have ownership over the application and are ultimately responsible for the risks associated with it. The security department, vendor, and IT department may provide support and guidance, but the accountability lies with the business unit that utilizes the application.