Certified in Risk and Information Systems Control (CRISC) — Question 625

Which of the following should be a risk practitioner's NEXT action after identifying a high probability of data loss in a system?

Answer options

• A. Conduct a control assessment.
• B. Purchase cyber insurance from a third party.
• C. Increase the frequency of incident reporting.
• D. Enhance the security awareness program.

Correct answer: A

Explanation

The correct action is to conduct a control assessment to evaluate existing security measures and identify areas for improvement. Purchasing cyber insurance may provide coverage but does not address the immediate risk. Increasing incident reporting frequency and enhancing the security awareness program are beneficial but are not immediate responses to the identified risk.