Certified in Risk and Information Systems Control (CRISC) — Question 663

Which of the following is the BEST approach for selecting controls to minimize risk?

Answer options

• A. Industry best practice review
• B. Cost-benefit analysis
• C. Risk assessment
• D. Control-effectiveness evaluation

Correct answer: B

Explanation

The correct answer is B, as a cost-benefit analysis helps determine whether the expense of implementing a control is justified by the risk reduction it provides. Options A, C, and D are important in the overall risk management process but do not directly address the balance of costs and benefits like option B does.