Certified in Risk and Information Systems Control (CRISC) — Question 673

Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?

Answer options

• A. Internal audit findings
• B. Relevant risk case studies
• C. Risk assessment results
• D. Penetration testing results

Correct answer: C

Explanation

The correct answer is C, as risk assessment results provide a comprehensive evaluation of vulnerabilities and threats, enabling informed resource allocation. Options A, B, and D offer valuable insights but do not provide as direct a measure of risk exposure as risk assessment results do.