Which activity would BEST enable a risk manager to verify the scope of responsibilities for stakeholders in IT risk scenarios?
Which activity would BEST enable a risk manager to verify the scope of responsibilities for stakeholders in IT risk scenarios?
A tabletop exercise involves a structured, simulated scenario where stakeholders discuss their roles and actions in response to a specific IT risk event. This allows the risk manager to directly observe and verify the scope of responsibilities for each stakeholder, making it the most effective activity for this purpose. It enables clear identification and understanding of roles and responsibilities in a practical, interactive environment.
A tabletop exercise involves a structured discussion where stakeholders walk through the processes and actions they would take in various IT risk scenarios. This activity allows a risk manager to observe and verify the scope of responsibilities for each stakeholder in a controlled, realistic setting, ensuring everyone understands their roles and responsibilities.
A Risk assessment will result in a risk owner which will clearly articulate boudaries of the risk. Tabletop conversations and interviews are very subjective in nature.
Going with A. Tabletop exercises do help identify who does what / responsibilities.
Also the stakeholders might be outside IT, thus going with tabletop as you include more than just IT folks in them.
I am going with risk assessment B
Agree.
please justify.