Certified in Risk and Information Systems Control (CRISC) — Question 671

For the first time, the procurement department has requested that IT grant remote access to third-party suppliers. Which of the following is the BEST course of action for IT in responding to the request?

Answer options

• A. Propose a solution after analyzing IT risk
• B. Design and implement key authentication controls
• C. Design and implement a secure remote access process
• D. Adequate internal standards to fit the new business case

Correct answer: A

Explanation

The best approach is to assess IT risk before proposing a solution, as this ensures that any potential vulnerabilities are understood and mitigated. While implementing authentication controls and a secure remote access process are important, they should come after understanding the specific risks involved. Adequate internal standards are necessary, but they should be based on a thorough risk analysis.