Exam CRISC topic 1 question 695 discussion

I think B is correct. See R2-106. Impact analysis will not directly help with mitigation for a specific security incident.

B. a root cause analysis. When an organization is affected by malware, the most effective way to resolve the situation and define a comprehensive risk treatment plan is to perform a root cause analysis. This analysis aims to identify the underlying reasons or root causes that allowed the malware to infect the organization's systems in the first place. By understanding the root causes, the organization can take targeted actions to remediate the issues and prevent future malware infections. A root cause analysis may include identifying vulnerabilities, weaknesses in security controls, human errors, or other factors that contributed to the malware incident. Once these root causes are identified, appropriate measures can be taken to address them, such as patching vulnerabilities, improving security policies and procedures, enhancing employee training, and implementing technical controls.

Agree it is B.

Agree.

The given answer is correct. For comprehensive treatment plan to be developed you need to know the root cause of the problem so that you start the correction there. Knowing the impact without knowing the cause has potential for recurrence

B is a "model answer"

impact assessment is to find out the impact and do in risk analysis. When the malware is already making effect. which means you are already know the impact. (You are under impact already). What you should do is, find out the root cause and resolve the problem. So B is correct.

I will go with B , Risk impact assessment require to be done but after risk analysis in this case RCA .

C makes more sense

Deff C

should be C?