"The risk profile is based on the overall risk posture of the organization reflected in its attentiveness to
monitoring the effectiveness of controls
A"
When developing a risk profile for a system, both risk assessment results and a mapping of resources to business processes can provide valuable information, but risk assessment results typically provide the most comprehensive information.
Risk assessment is a systematic process of identifying, analyzing, and evaluating potential risks associated with a system, including threats, vulnerabilities, and potential impacts. Risk assessment results provide a detailed understanding of the potential risks to a system and can help prioritize risk mitigation efforts.
On the other hand, mapping resources to business processes involves identifying the assets and resources used by a system and the business processes that rely on them. This mapping can help identify critical resources and processes, which can inform risk assessment and risk mitigation efforts. However, this information alone may not provide a comprehensive understanding of the potential risks to a system.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
K5000ism
10 months agomynk29
1 year, 5 months agoCbtL
1 year, 5 months agoKoulyo
1 year, 6 months agojohn_boogieman
1 year, 8 months ago