An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?
In the context of IT risk management during a digital transformation process, the highest priority should be the identification of risks. Without identifying the risks, it is impossible to analyze control gaps, select appropriate risk treatment options, or design effective key risk indicators (KRIs). Identifying risks is the foundation of any risk management process and must be addressed first to ensure that subsequent steps are based on an accurate understanding of the potential threats and vulnerabilities.
A is correct
This is the highest priority because it involves evaluating the existing controls and processes in place to mitigate risks associated with digital transformation. By assessing control gaps, you can determine where vulnerabilities or weaknesses exist, which is critical for making informed decisions about risk treatment options (Option B) and designing effective KRIs (Option D).
at first, evaluate gap.
How do you know about existing risk when you dont identify them? After Identification you can evaluate the gap.
at first, evaluate gap.
A. Identification of risk
HIGHEST priority? C
come on! HIGHEST priority is to identify the risks! then you can do your gap analysis...
C is most important. A is first, C is prioritized. You cannot prioritise appetizers over main course.
controls are based on the risks.