Sorry 'C', reason:
The IT department is responsible for managing and securing the technology infrastructure of an organization, but ultimately, it is the business unit that owns and operates the applications that run on that infrastructure. Therefore, the business unit is responsible for managing the risks associated with the applications they use.
When a high-risk vulnerability is identified in an application, it is the responsibility of the business unit to assess the potential impact of the vulnerability on their operations, customers, and overall business objectives. Based on this assessment, the business unit should prioritize and allocate resources to remediate the vulnerability.
The IT department can support the business unit in identifying and remediating vulnerabilities, but they do not have the knowledge or expertise to determine the business impact of a vulnerability. Therefore, the business unit must take ownership of the risk associated with the vulnerability and determine the appropriate course of action.
IT department that is responsible for managing the risk associated with that vulnerability. This includes identifying and assessing the vulnerability, implementing appropriate controls to mitigate the risk, and monitoring and managing the vulnerability over time.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CbtL
9 months agojohn_boogieman
10 months, 3 weeks agojohn_boogieman
10 months, 3 weeks ago