An organization is developing its IT risk universe. Which of the following is the BEST source of information for identifying potential IT risks?
Trap 1: Industry benchmarking reports
Benchmarking provides comparative data but not comprehensive risk identification.
Trap 2: Results from the latest internal audit
Internal audits are periodic and may not cover all risks.
Trap 3: Historical loss data from the finance department
Historical data is useful but may not capture emerging risks.
- A
Threat intelligence feeds from ISACs
ISACs provide timely, relevant threat intelligence for the organization's sector.
- B
Industry benchmarking reports
Why wrong: Benchmarking provides comparative data but not comprehensive risk identification.
- C
Results from the latest internal audit
Why wrong: Internal audits are periodic and may not cover all risks.
- D
Historical loss data from the finance department
Why wrong: Historical data is useful but may not capture emerging risks.