Certified in Risk and Information Systems Control (CRISC) — Question 928

A zero-day vulnerability has been discovered in a globally used brand of hardware server that allows hackers to gain access to affected IT systems. Which of the following is MOST likely to change as a result of this situation?

Answer options

• A. Control effectiveness
• B. Risk appetite
• C. Key risk indicator (KRI)
• D. Risk likelihood

Correct answer: D

Explanation

The discovery of a zero-day vulnerability typically increases the risk likelihood, as it introduces a new avenue for potential attacks. While control effectiveness, risk appetite, and key risk indicators may also be affected, the immediate impact is primarily on the likelihood of risk occurring due to the newly identified threat.