Certified in Risk and Information Systems Control (CRISC) — Question 890

Which of the following is MOST likely to be impacted when a global organization is required by law to implement a new data protection regulation across its operations?

Answer options

• A. Risk ownership assignments
• B. Threat profile
• C. Vulnerability assessment results
• D. Risk profile

Correct answer: D

Explanation

The correct answer is D, as the implementation of new data protection regulations directly alters the risk profile by changing how risks are identified, assessed, and managed. Options A, B, and C may be influenced indirectly, but they do not undergo the fundamental shifts in risk assessment that a new regulation would bring.