Certified in Risk and Information Systems Control (CRISC) — Question 885

Which of the following should be the PRIMARY concern when changes to firewall rules do not follow change management requirements?

Answer options

• A. Inaccurate documentation
• B. Potential business impact
• C. Potential audit findings
• D. Insufficient risk governance

Correct answer: B

Explanation

The correct answer is B because changes to firewall rules that bypass established protocols can lead to significant disruptions in business operations. While inaccurate documentation, potential audit findings, and insufficient risk governance are important, the immediate concern is how these changes can adversely affect business functionality.