Certified in Risk and Information Systems Control (CRISC) — Question 963

Senior management is deciding whether to share confidential data with the organization’s business partners. The BEST course of action for a risk practitioner would be to submit a report to senior management containing the:

Answer options

• A. project plan for classification of the data.
• B. summary of data protection and privacy legislation.
• C. design of controls to encrypt the data to be shared.
• D. possible risk and suggested mitigation plans.

Correct answer: D

Explanation

The correct answer is D, as identifying potential risks and proposing mitigation strategies is crucial when considering sharing sensitive data. Options A, B, and C focus on data classification, legal compliance, and encryption design, which, while important, do not directly address the immediate concern of risk assessment and management in sharing data.