Certified in Risk and Information Systems Control (CRISC) — Question 841

What information related to a system vulnerability would be MOST useful to management in making an effective risk-based decision?

Answer options

• A. Consequences if the vulnerability is exploited
• B. Availability of patches to mitigate the vulnerability
• C. Vulnerability scanning tools currently in place
• D. Risk mitigation plans for the vulnerability

Correct answer: A

Explanation

The correct answer is A because understanding the potential consequences of an exploited vulnerability helps management evaluate the risk's severity and prioritize resources effectively. Options B, C, and D are important, but they do not provide as direct insight into the impact of the vulnerability itself, which is crucial for risk assessment.