IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation.
The BEST way to address this request would be to use:
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The best way to address the IT stakeholders' request for IT risk profile reports associated with specific departments to allocate resources for risk mitigation would be to use key risk indicators (KRIs) (option B).
Key risk indicators (KRIs) are measurable values that provide insights into the likelihood and potential impact of risks. They are used to monitor and assess risks in real-time and provide early warnings of potential issues. KRIs are aligned with organizational objectives, and they provide a quick and easy way to identify emerging risks and trends.
Using KRIs to create IT risk profile reports associated with specific departments would help the risk practitioner to identify and prioritize the most critical risks for each department. This information can then be used to allocate resources for risk mitigation activities based on the level of risk and the potential impact on the organization.
While historical risk assessments (option A), cost associated with each control (option C), and information from the risk register (option D) can be useful sources of information, they do not provide real-time insights into emerging risks and trends. KRIs are designed to provide this type of information and are, therefore, the best way to address the IT stakeholders' request for IT risk profile reports associated with specific departments.