Certified in Risk and Information Systems Control (CRISC) — Question 9
You have identified several risks in your project. You have opted for risk mitigation in order to respond to the identified risks. Which of the following ensures that the risk mitigation method you have chosen is effective?
Answer options
- A. Reduction in the frequency of a threat
- B. Minimization of inherent risk
- C. Reduction in the impact of a threat
- D. Minimization of residual risk
Correct answer: B
Explanation
The correct answer is B, as minimizing inherent risk indicates that the original risk level has been reduced through mitigation strategies. Options A and C focus on the frequency and impact of threats, which do not directly measure the effectiveness of the chosen mitigation method. Option D refers to residual risk, which is the risk remaining after mitigation, but it does not assess the effectiveness of the original mitigation approach.