Certified in Risk and Information Systems Control (CRISC) — Question 70

IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:

Answer options

• A. historical risk assessments
• B. key risk indicators (KRIs)
• C. the cost associated with each control
• D. information from the risk register

Correct answer: D

Explanation

The correct answer is D because the risk register contains detailed information on identified risks, their severity, and the controls in place, making it the most relevant source for generating departmental IT risk profile reports. Options A, B, and C are less effective as they do not provide the comprehensive and specific data required for this purpose.