Certified in Risk and Information Systems Control (CRISC) — Question 943

Which of the following is performed after a risk assessment is completed?

Answer options

• A. Identifying vulnerabilities
• B. Conducting an impact analysis
• C. Defining risk response options
• D. Defining risk taxonomy

Correct answer: C

Explanation

After completing a risk assessment, the subsequent action is to define risk response options, as it involves determining how to address identified risks. The other options, such as identifying vulnerabilities and conducting an impact analysis, are typically part of the risk assessment process itself, while defining risk taxonomy is more about categorizing risks rather than responding to them.