Certified in Risk and Information Systems Control (CRISC) — Question 674

Which of the following BEST balances the costs and benefits of managing IT risk?

Answer options

• A. Eliminating risk through preventive and detective controls
• B. Prioritizing and addressing risk in line with risk appetite
• C. Considering risk that can be shared with a third party
• D. Evaluating the probability and impact of risk scenarios

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of aligning risk management efforts with the organization's risk appetite, ensuring that resources are allocated efficiently. Options A and C focus on eliminating or transferring risk, which may not always be feasible or cost-effective. Option D, while important for understanding risk, does not directly address the balance between costs and benefits.