Certified in Risk and Information Systems Control (CRISC) — Question 697

What is the PRIMARY reason an organization should include background checks on roles with elevated access to production as part of its hiring process?

Answer options

• A. Eliminate risk associated with personnel.
• B. Ensure new hires have the required skills.
• C. Reduce exposure to vulnerabilities.
• D. Reduce internal threats.

Correct answer: D

Explanation

The primary reason for conducting background checks is to minimize internal threats, as individuals with elevated access can pose significant risks if they have a questionable history. While eliminating personnel risk, ensuring skill requirements, and reducing vulnerabilities are important, they do not specifically address the threat posed by insiders, which is the focus of this question.