the FIRST thing a risk practitioner should do is D. Determine the business purpose of the application.
It is important to first understand the purpose and scope of the shadow IT application before taking any action. The risk practitioner should determine why the business owner is using the application, what data it processes, and what level of risk it presents to the organization.
Once the purpose of the application is understood, the risk practitioner can work with the business owner to evaluate the risk and determine the appropriate course of action. This may involve including the application in the business continuity plan (BCP), reporting the finding to management, or segregating the application from the network, depending on the level of risk involved.
However, taking any action without first understanding the purpose of the application could potentially disrupt business operations or create unnecessary costs. Therefore, determining the business purpose of the application should be the FIRST step taken by the risk practitioner.