IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:
B. Key risk indicators (KRIs) would likely be the best approach to address this request. KRIs provide real-time or near-real-time insights into potential risks, allowing stakeholders to make informed decisions about resource allocation for risk mitigation. Using historical risk assessments or information from the risk register may not provide the most current and relevant data for decision-making. Additionally, while the cost associated with each control is important, it may not necessarily reflect the current risk profile or the effectiveness of mitigation efforts.
D. Information from the risk register
A risk register is a comprehensive tool used in risk management that contains detailed information about identified risks, their assessment, and the measures planned or taken to address them. It typically includes information on the likelihood and impact of risks, as well as the status of any mitigation efforts. Using the risk register to generate department-specific IT risk profiles will provide a current and detailed view of the risks each department faces, along with the status of mitigation efforts. This information is crucial for making informed decisions about where to allocate resources effectively.
B. Key risk indicators (KRIs)
The best way to address the IT stakeholders' request for IT risk profile reports associated with specific departments to allocate resources for risk mitigation is to use key risk indicators (KRIs). KRIs are specific metrics or indicators that provide insight into the current level of risk exposure and the effectiveness of controls in place. By using KRIs, you can present quantifiable and measurable data that highlight the risk landscape of each department. This approach provides a more tangible and actionable basis for allocating resources and focusing mitigation efforts effectively.
Information from the risk register would be the best way to address this request. The risk register contains the most up-to-date and comprehensive overview of an organization's risk profile, including risks associated with specific departments. This information can be used to determine the departments' risk levels and, subsequently, how to allocate resources for risk mitigation.
I am not sure of option "D". KRI's (option B) provides more insight on critical risks for each department. The question is tricky . if it is straight forward then option "D" . Otherwise option "B"
Shouldn’t the answer be D as the Risk Register may already have all the requested resources / cost info?
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Anon530
Highly Voted 3 years, 3 months agoJoloms
Most Recent 1 month agoKennethlim79
7 months, 2 weeks agoeblue
10 months, 2 weeks agomih
11 months ago01010100
11 months, 3 weeks agomraiyan
1 year, 1 month agoJulianleehk
1 year, 2 months agojohn_boogieman
1 year, 4 months agoSuchib
1 year, 6 months agoCeecil1959
2 years, 2 months agoobi1
2 years, 4 months agoTomm8125
3 years, 3 months agoTomm8125
3 years, 3 months agoRooks
3 years, 10 months ago