Exam CRISC topic 1 question 1058 discussion

D - allow the organization to identify its most critical assets and then apply its limited resources effectively

Applying available security patches is a crucial step in securing systems. It's a relatively straightforward action that can significantly enhance system security by addressing known vulnerabilities. This action doesn't require extensive resources and can be done in a targeted manner. While conducting a business impact analysis (BIA) is important for understanding the potential impact of security incidents, it might not directly address the need to secure systems with limited resources. A BIA focuses on understanding the potential consequences of various incidents rather than the immediate actions needed to secure systems.

BIA to prioritize and highlight loss to senior management and have them accept the risk of no resources

Going with D. In the BIA section of the 7th edition review manual it discusses that BIA lets you prioritize risk as a risk practitioner. Limited resources are applied to systems in order of criticality.

A. Perform a vulnerability analysis is a risk practitioner's BEST recommendation to address an organization's need to secure multiple systems with limited IT resources. A vulnerability analysis is an assessment of potential vulnerabilities within an organization's systems, and can help identify areas that require immediate attention. By performing a vulnerability analysis, an organization can prioritize its security efforts and focus on the most critical vulnerabilities first. This can help maximize the effectiveness of limited IT resources.

limited resources? Just install patches