Exam CRISC topic 1 question 396 discussion

Answer B: Emerging RISK, not emerging THREAT (as stated in answer C)

B is my answer

Pretty sure the given answer is correct. KRI's aren't intended to be "flexible" in nature hence ISACA being so strict on the importance of ongoing management and security reassesment. As such, the most important thing in my eye's is that the KRI is rock solid for its current purpose. In other words, C

Key Risk Indicators are metrics used to provide an early signal of increasing risk exposures in various areas of an organization. The primary benefit of KRIs is their ability to facilitate ongoing monitoring and proactive management of potential risks. By tracking these indicators, organizations can detect emerging risks before they manifest into significant issues, allowing for timely and effective risk mitigation strategies. While KRIs can also help in identifying trends, emerging threats, and benchmarking, their foremost value lies in the ongoing monitoring and anticipation of risks.

B. provide ongoing monitoring of emerging risk Key risk indicators (KRIs) are used to provide ongoing monitoring and early warning of emerging risks within an organization. They are designed to help organizations identify and assess potential threats and vulnerabilities in real-time or on a continuous basis. By monitoring KRIs, organizations can detect and respond to emerging risks before they escalate into more significant issues, helping to mitigate potential negative impacts on the business. While the other options (identifying trends in vulnerabilities, helping an organization identify emerging threats, and benchmarking the organization's risk profile) are relevant aspects of risk management, the primary purpose of KRIs is to provide ongoing monitoring of emerging risks.

KRIs are focused on measuring the level of risk exposure across the organization and monitoring changes in risk exposure over time

B. provide ongoing monitoring of emerging risk