CRISC Question #330: Real Exam Question with Answer & Explanation
The correct answer is D: Prioritize concerns based on frequency of reports. The most efficient way to analyze employee-reported security concerns is to prioritize them by frequency, which helps identify common or widespread issues that warrant immediate attention and resource allocation.
Question
An organization has established workflows in its service desk to support employee reports of security-related concerns. Which of the following is the MOST efficient approach to analyze these concerns?
Options
- A. Map concerns to organizational assets.
- B. Sort concerns by likelihood.
- C. Align concerns to key vendors.
- D. Prioritize concerns based on frequency of reports.
Explanation
The most efficient way to analyze employee-reported security concerns is to prioritize them by frequency, which helps identify common or widespread issues that warrant immediate attention and resource allocation.
Common mistakes.
- A. Mapping concerns to organizational assets is a good next step for risk assessment, but it is less efficient for initial analysis than identifying prevalence.
- B. Sorting by likelihood requires a deeper analysis and estimation of each concern's probability, which is less efficient for an initial triage than simply counting frequency.
- C. Aligning concerns to key vendors might reveal external dependencies but doesn't immediately indicate the most impactful or widespread internal issues requiring prompt attention.
Concept tested. Efficient security concern analysis
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf