An organization's board of directors is concerned about recent data breaches in the news and wants to assess its exposure to similar scenarios. Which of the following is the BEST course of action?
A.
Reassess the risk appetite and tolerance levels of the business.
B.
Review the organization's data retention policy and regulatory requirements.
C.
Evaluate the organization's existing data protection controls.
D.
Evaluate the sensitivity of data that the business needs to handle.
Understanding the type and sensitivity of the data an organization processes is the foundational step in assessing its risk exposure. This step is critical because the value of the data directly influences the potential impact of a breach. You can't properly evaluate controls or set risk tolerance without first knowing what you're protecting.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
trev0r
3 days, 5 hours ago