Certified in Risk and Information Systems Control (CRISC) — Question 659

What should be the PRIMARY objective of updating a risk awareness program in response to a steady rise in cybersecurity threats across the industry?

Answer options

• A. To reduce the risk of insider threats that could compromise security practices
• B. To increase familiarity and understanding of potential security incidents
• C. To ensure compliance with risk management policies and procedures
• D. To lower the organization's risk appetite and tolerance levels

Correct answer: B

Explanation

The correct answer is B because the primary aim of updating a risk awareness program is to enhance knowledge about possible security threats, which is crucial given the rise in cybersecurity issues. The other options, while important, focus on specific aspects such as compliance (C), insider threats (A), and risk appetite (D), which do not address the need for heightened awareness directly.