Certified in Risk and Information Systems Control (CRISC) — Question 647

Which of the following would MOST likely require a risk practitioner to update the risk register?

Answer options

• A. An alert being reported by the security operations center.
• B. Development of a project schedule for implementing a risk response.
• C. Engagement of a third party to conduct a vulnerability scan.
• D. Completion of a project for implementing a new control.

Correct answer: D

Explanation

The completion of a project for implementing a new control would necessitate updating the risk register to reflect the new risk environment and controls in place. The other options involve activities that may not directly impact the existing risk assessment or require immediate updates to the risk register.