Exam CRISC topic 1 question 722 discussion

Actual exam question from Isaca's CRISC
Question #: 722
Topic #: 1

An organization has implemented a preventive control to lock user accounts after three unsuccessful login attempts. This practice has been proven to be unproductive, and a change in the control threshold value has been recommended. Who should authorize changing this threshold?

  • A. Control owner
  • B. IT security manager
  • C. Risk owner
  • D. IT system owner
Suggested Answer: C

Comments

tsangckl
Highly Voted 2 years, 3 months ago
The key word is "authorize". So it is C.
upvoted 5 times
...
Raj1510
Highly Voted 2 years, 5 months ago
agree with C
upvoted 5 times
...
eblue
Most Recent 9 months, 3 weeks ago
Selected Answer: A
https://www.isaca.org/resources/isaca-journal/past-issues/2014/jonline-reinspecting-password-account-lockout-and-audit-policies
upvoted 1 times
...
CbtL
1 year, 2 months ago
Selected Answer: C
Going with C on this one. The "authorize" implies the risk owner to me.
upvoted 1 times
...
john_boogieman
1 year, 4 months ago
Selected Answer: A
Control owner has invested the authority and accountability for making control-related decisions and is responsible for ensuring that the control is implemented and is operating effectively and efficiently.
upvoted 1 times
...
fora
2 years, 1 month ago
Selected Answer: C
I agree with C
upvoted 3 times
...
Ceecil1959
2 years, 3 months ago
A is correct. Control owner is responsible to make the change. The risk owner is accountable but does not make changes unless they are one and the same.
upvoted 1 times
fora
2 years, 1 month ago
Control owners are responsible for controls’ implementation and monitoring - they do not decide on what controls to implement or what thresholds should be.
upvoted 2 times
john_boogieman
1 year, 4 months ago
The control owner is responsible for the design, implementation, and operation of the control and has the authority to modify the control parameters as necessary to improve its effectiveness.
upvoted 1 times
...
Owaissyed
2 years, 11 months ago
Should be “C”. The person in whom the organization has invested the authority and accountability for making risk-based decisions and who owns the loss associated with a realized risk.
upvoted 4 times
...
Josh93
3 years, 2 months ago
Controls are implemented to reduce/address risk. Hence I would think it would be the risk owner to submit this request.
upvoted 3 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other