Certified in Risk and Information Systems Control (CRISC) — Question 90
You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. (Choose three.)
Answer options
- A. Education of staff or business partners
- B. Deployment of a threat-specific countermeasure
- C. Modify of the technical architecture
- D. Apply more controls
Correct answer: A, B, C
Explanation
The correct answers are A, B, and C because educating staff helps them recognize and respond to threats, deploying threat-specific countermeasures directly addresses the identified risks, and modifying the technical architecture can improve the overall security posture. Option D, applying more controls, may not be effective if the existing controls are fundamentally flawed or not properly aligned with the new threats.