CRISC Question #559: Real Exam Question with Answer & Explanation

Question

Which of the following would be a risk practitioner's GREATEST concern related to the monitoring of key risk indicators (KRIs)?

Options

• ALogs are retained for longer than required.
• BLogs are reviewed annually.
• CLogs are stored in a multi-tenant cloud environment.
• DLogs are modified before analysis is conducted.

Explanation

The greatest concern regarding KRI monitoring is the modification of logs before analysis, as this compromises data integrity and renders the KRIs inaccurate and unreliable for risk assessment.

Common mistakes.

• A. Retaining logs for longer than required is a compliance and data retention issue, but it does not directly compromise the integrity or accuracy of the KRI data being analyzed.
• B. Reviewing logs annually means the KRI monitoring is not timely or frequent enough, but it does not inherently corrupt the accuracy of the data itself if it were to be analyzed.
• C. Storing logs in a multi-tenant cloud environment poses security and privacy risks if not properly secured, but it doesn't automatically mean the logs are modified before analysis, assuming proper controls are in place.

Concept tested. KRI data integrity

Reference. https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/using-key-risk-indicators-and-key-control-indicators

No community discussion yet for this question.