Certified in Risk and Information Systems Control (CRISC) — Question 622
A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data.
Which of the following would be MOST impacted?
Answer options
- A. Risk appetite
- B. Residual risk
- C. Key risk indicators (KRIs)
- D. Inherent risk
Correct answer: B
Explanation
The correct answer is B, Residual risk. Residual risk is the risk that remains after controls are applied, so when the DLP system fails to detect sensitive data, the potential for data breaches increases and residual risk rises. The other options (risk appetite, key risk indicators, and inherent risk) are related concepts but do not directly reflect the immediate consequences of a DLP failure in monitoring outgoing sensitive information.