Certified in Risk and Information Systems Control (CRISC) — Question 871

An organization has just implemented changes to close an identified vulnerability that impacted a critical business process. What should be the NEXT course of action?

Answer options

• A. Update the risk register
• B. Review the risk tolerance
• C. Perform a business impact analysis (BIA)
• D. Redesign the heat map.

Correct answer: A

Explanation

Updating the risk register is essential after changes are made to mitigate vulnerabilities, as it ensures the documentation reflects the current risk landscape. The other options, while important, are not immediate actions following the resolution of the vulnerability; reviewing risk tolerance and performing a BIA are subsequent steps that can happen later, and redesigning the heat map is not directly related to the immediate follow-up after addressing a vulnerability.