A risk practitioner is updating the risk register after a third-party security incident. Which of the following is the MOST important information to include in the risk register entry for this third-party risk?
Why this answer
The risk register should include a description of the risk event, its impact, and the response. While other details are relevant, the core of the entry is the event and its consequences.