CRISC IT Risk Identification • Set 1
CRISC IT Risk Identification Practice Test 1 — 15 questions with explanations. Free, no signup.
A company recently experienced a data breach due to an unpatched vulnerability in a public-facing web application. During the post-incident review, the IT risk manager notes that the vulnerability was identified by the vulnerability scanner six months ago but was not remediated because the patch required a critical database server restart. Which of the following is the BEST risk treatment decision to prevent a recurrence?