Certified in Risk and Information Systems Control (CRISC) — Question 800

Which of the following would be the GREATEST concern for an IT risk practitioner when an employee has transferred to another department?

Answer options

• A. Company equipment has not been retained by IT.
• B. The organization's structure has not been updated.
• C. Unnecessary access permissions have not been removed.
• D. Job knowledge was not transferred to employees in the former department.

Correct answer: C

Explanation

The main concern is that unnecessary access permissions may still allow the former employee to access sensitive information, posing a security risk. While retaining company equipment and updating the organization's structure are important, they do not directly impact security as much as unrevoked access. Transferring job knowledge is valuable, but it does not relate to the immediate risk of unauthorized access.