Certified in Risk and Information Systems Control (CRISC) — Question 882

Which of the following is the MOST relevant information to include in a risk management strategy?

Answer options

• A. Data security regulations
• B. Cost of controls
• C. Peer benchmarks
• D. Organizational goals

Correct answer: D

Explanation

Including organizational goals in a risk management strategy ensures that the risk management efforts align with the overall objectives of the organization, making it more effective. While data security regulations, cost of controls, and peer benchmarks are important, they serve more as support rather than guiding principles for the strategy.