A risk practitioner has identified that the organization's secondary data center does not provide redundancy...

Isaca CRISC Question Answer

A risk practitioner has identified that the organization's secondary data center does not provide redundancy for a critical application. Who should have the authority to accept the associated risk?

Business continuity director

Disaster recovery manager

Business application owner

Data center manager

Explanation:

The business application owner should have the authority to accept the associated risk, because they are responsible for the performance and outcomes of the critical application, and they understand the business requirements, expectations, and impact of the application. The business application owner can also evaluate the trade-offs between the potential benefits and costs of the application, and the potential risks and consequences of a disruption or failure of the application. The business application owner can also communicate and justify their risk acceptance decision to the senior management and other stakeholders, and ensure that the risk is monitored and reviewed regularly. The other options are less appropriate to have the authority to accept the associated risk. The business continuity director is responsible for overseeing the planning and execution of the business continuity strategy, which includes ensuring the availability andresilience of the critical business processes and applications. However, they are not the owner of the application, and they may not have the full knowledge or authority to accept the risk on behalf of the business. The disaster recovery manager is responsible for managing the recovery and restoration of the IT systems and applications in the event of a disaster or disruption. However, they are not the owner of the application, and they may not have the full knowledge or authority to accept the risk on behalf of the business. The data center manager is responsible for managing the operation and maintenance of the data center infrastructure, which includes providing the physical and environmental security, power, cooling, and network connectivity for the IT systems and applications. However, they are not the owner of the application, and they may not have the full knowledge or authority to accept the risk on behalf of the business. References = Risk IT Framework, ISACA, 2022, p. 181

CRISC PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 65% Discount on All Products, Use Coupon: "ac4s65"

Which of the following is the MOST important success factor when introducing risk management in...

The BEST way to determine the likelihood of a system availability risk scenario is by...

Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A risk practitioner has identified that the organization's secondary data center does not provide redundancy...

The Answer Is:

Explanation:

Quick Links