New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CRISC Exam - Topic 7 Question 8 Discussion

Actual exam question for Isaca's CRISC exam
Question #: 8
Topic #: 7
[All CRISC Questions]

An IT organization is replacing the customer relationship management (CRM) system. Who should own the risk associated with customer data leakage caused by insufficient IT security controls for the new system?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Kerry at May 07, 2022, 08:56 PM

Limited Time Offer

25%

Off

Get Premium CRISC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jackie
4 months ago
Not sure if the CISO can handle all the risks alone, though.
upvoted 0 times
...
Floyd
4 months ago
Wait, why would the IT Controls Manager be responsible? That seems off.
upvoted 0 times
...
Laurene
4 months ago
The Chief Risk Officer is usually the one who handles these issues.
upvoted 0 times
...
Herminia
4 months ago
I think the Business Process Owner should take responsibility here.
upvoted 0 times
...
Mila
5 months ago
Definitely the Chief Information Security Officer should own this risk.
upvoted 0 times
...
Josefa
5 months ago
I’m leaning towards the Chief Information Security Officer, but I wonder if the business process owner has more direct responsibility for customer data.
upvoted 0 times
...
Shoshana
5 months ago
The Chief Risk Officer seems like a logical choice, but I feel like the IT controls manager might have a role in this as well.
upvoted 0 times
...
Samira
5 months ago
I remember a practice question where the business process owner was held accountable for data integrity, so maybe they should be involved here too?
upvoted 0 times
...
Karma
5 months ago
I think the Chief Information Security Officer should own the risk since they're responsible for overall security, but I'm not entirely sure.
upvoted 0 times
...
Abel
5 months ago
Hmm, I'm not too sure about this one. I'll have to think it through carefully. Maybe I should review my notes on SAP applications for supply chain management.
upvoted 0 times
...
Linsey
5 months ago
Hmm, I'm a bit unsure about this one. I know external stakeholders are those outside the organization, but I'm not totally confident which of these options would qualify. I'll have to think it through carefully.
upvoted 0 times
...
Laura
5 months ago
This seems straightforward enough. I'll eliminate the options that are clearly not the cause of the issue, then focus on the remaining possibilities.
upvoted 0 times
...

Save Cancel