CRISC Question #347: Real Exam Question with Answer & Explanation

Question

Which of the following will BEST help to improve an organization's risk culture?

Options

• AMaintaining a documented risk register
• BEstablishing a risk awareness program
• CRewarding employees for reporting security incidents
• DAllocating resources for risk remediation

Explanation

Establishing a robust risk awareness program is the best way to improve an organization's risk culture by educating employees and fostering a shared understanding of risk.

Common mistakes.

• A. Maintaining a risk register is a tool for risk management, but it doesn't directly influence the organization's broader risk culture without communication and engagement.
• C. Rewarding employees for reporting incidents is good for incident response but is a reactive measure and only one aspect of a comprehensive risk culture.
• D. Allocating resources for risk remediation is an operational step in risk management, which helps reduce specific risks but doesn't inherently build a proactive risk culture.

Concept tested. Risk culture improvement

No community discussion yet for this question.