Isaca
CRISC · Question #44
CRISC Question #44: Real Exam Question with Answer & Explanation
The correct answer is C: The IT strategic plan. The IT strategic plan serves as the most comprehensive resource for prioritizing the implementation of information systems controls.
Submitted by klara.se · Apr 18, 2026 · Governance
Question
Which of the following is the MOST comprehensive resource for prioritizing the implementation of information systems controls?
Options
- A. Data classification policy
- B. Emerging technology trends
- C. The IT strategic plan
- D. The risk register
Explanation
The IT strategic plan serves as the most comprehensive resource for prioritizing the implementation of information systems controls.
Common mistakes.
- A. A data classification policy defines data sensitivity but does not provide a comprehensive framework for prioritizing all information system controls across the entire organization.
- B. Emerging technology trends identify potential future risks or opportunities but are not a structured resource for prioritizing current control implementations.
- D. The risk register documents identified risks and their treatments, which helps prioritize risk treatments, but the IT strategic plan provides the overarching context for all information systems controls.
Concept tested. Information system control prioritization resources
Reference. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
#Control prioritization #IT strategic planning #Information security governance #Resource allocation