CRISC Question #214: Real Exam Question with Answer & Explanation
The correct answer is C: The business process owner. When defining a risk profile for a new third-party application, the business process owner is the most crucial stakeholder due to their comprehensive understanding of the application's operational context.
Question
Which stakeholder is MOST important to include when defining a risk profile during the selection process for a new third-party application?
Options
- A. The third-party risk manager
- B. The application vendor
- C. The business process owner
- D. The information security manager
Explanation
When defining a risk profile for a new third-party application, the business process owner is the most crucial stakeholder due to their comprehensive understanding of the application's operational context.
Common mistakes.
- A. The third-party risk manager focuses on vendor risk and contractual aspects but may lack the granular operational insight of the business process owner.
- B. The application vendor provides technical specifications but lacks the organizational-specific business context needed for a comprehensive risk profile.
- D. The information security manager is critical for security aspects but the overall risk profile also encompasses broader business, operational, and compliance risks best articulated by the business process owner.
Concept tested. Stakeholder identification for risk profiling
Reference. https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final