Certified in Risk and Information Systems Control (CRISC) — Question 654

Which of the following is a risk practitioner's BEST recommendation to address an organization's need to secure multiple systems with limited IT resources?

Answer options

• A. Perform a vulnerability analysis.
• B. Schedule a penetration test.
• C. Apply available security patches.
• D. Conduct a business impact analysis (BIA).

Correct answer: D

Explanation

The correct choice is D because conducting a business impact analysis (BIA) helps identify critical systems and prioritize security efforts effectively, especially when resources are limited. Options A, B, and C, while important, do not provide a strategic overview of the organization's needs, making them less effective in securing multiple systems under constraints.