The PRIMARY reason for a risk practitioner to review business processes is to:
Benchmark against peer organizations.
Identify appropriate controls within business processes.
Assess compliance with global standards.
Identify risk owners related to business processes.
Detailed Explanation: A review of business processes is crucial for identifying risk owners, as risk ownership is tied to specific processes within the organization. Risk owners are accountable for managing and mitigating risks within their respective areas. This ensures that risks are effectively addressed where they arise and aligns mitigation efforts with business objectives. Properly identifying risk owners supports better governance, accountability, and alignment with the organization's risk management strategy.
Which of the following provides the BEST evidence of the effectiveness of an organization's account provisioning process?
User provisioning
Role-based access controls
Security log monitoring
Entitlement reviews
An organization’s account provisioning process is the process of creating, modifying, or deleting user accounts and access rights for the organization’s information systems and resources. It involves defining the access requirements, policies, and standards, and implementing and enforcing them across the organization.
The best evidence of the effectiveness of an organization’s account provisioning process is entitlement reviews, which are the periodic or regular reviews and validations of the user accounts and access rights that are granted or assigned to the users or entities that interact with the organization’s information systems and resources. Entitlement reviews can provide assurance and verification that the account provisioning process is accurate, consistent, and compliant, and that it meets the organization’s security and business objectives and requirements.
Entitlement reviews can be performed using various techniques, such as automated tools, reports, audits, surveys, etc. Entitlement reviews can also be integrated with the organization’s governance, risk management, and compliance functions, and aligned with the organization’s policies and standards.
The other options are not the best evidence of the effectiveness of an organization’s account provisioning process, because they do not provide the same level of assurance and verification that the account provisioning process is accurate, consistent, and compliant, and that it meets the organization’s security and business objectives and requirements.
User provisioning is the process of creating, modifying, or deleting user accounts and access rights for a specific user or entity, based on their identity, role, or function in the organization. User provisioning is an important part of the account provisioning process, but it is not the best evidence of the effectiveness of the account provisioning process, because it does not indicate whether the user accounts and access rights are appropriate and authorized, and whether they comply with the organization’s policies and standards.
Role-based access controls are the controls that grant or restrict user accounts and access rights based on the predefined roles or functions that the users or entities perform or assume in the organization. Role-based access controls are an important part of the account provisioning process, but they are not the best evidence of the effectiveness of the account provisioning process, because they do not indicate whether the roles or functions are defined and assigned correctly and consistently, and whether they comply with the organization’s policies and standards.
Security log monitoring is the process of collecting, analyzing, and reporting on the security events or activities that are recorded or logged by the organization’s information systems and resources. Security log monitoring is an important part of the account provisioning process, but it is not the best evidence of the effectiveness of the account provisioning process, because it does not indicate whether the security events or activities are legitimate or authorized, and whether they comply with the organization’s policies and standards.
References =
ISACA, CRISC Review Manual, 7th Edition, 2022, pp. 40-41, 47-48, 54-55, 58-59, 62-63
ISACA, CRISC Review Questions, Answers & Explanations Database, 2022, QID 173
CRISC Practice Quiz and Exam Prep
Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?
Login attempts are reconciled to a list of terminated employees.
A list of terminated employees is generated for reconciliation against current IT access.
A process to remove employee access during the exit interview is implemented.
The human resources (HR) system automatically revokes system access.
The best method to ensure a terminated employee’s access to IT systems is revoked upon departure from the organization is to have the human resources (HR) system automatically revoke system access, which is a process that involves integrating the HR system with the IT system, and triggering the removal of access rights for the employee as soon as the termination is recorded in the HR system [1][2].
This method is the best because it provides the most timely, accurate, and consistent way of revoking access, and reduces the risk of human error, oversight, or delay that may occur in manual or semi-automated processes [1][2].
This method is also the best because it enhances the security and compliance of the organization, and prevents the terminated employee from accessing or compromising the IT systems or data after departure [1][2].
The other options are not the best methods, but rather alternative or supplementary methods that may have some limitations or drawbacks. For example:
"Login attempts are reconciled to a list of terminated employees" is a method that involves monitoring and verifying the login activities of the IT systems, and comparing them with a list of terminated employees to identify and block any unauthorized access attempts [3][4]. However, this method is not the best because it is reactive rather than proactive, and may not prevent the terminated employee from accessing the IT systems before the reconciliation is done [3][4].
"A list of terminated employees is generated for reconciliation against current IT access" is a method that involves creating and maintaining a list of terminated employees, and checking it against the current IT access rights to identify and remove any access that is no longer needed [3][4]. However, this method is not the best because it is manual and labor-intensive, and may introduce errors or inconsistencies in the list or the access rights [3][4].
"A process to remove employee access during the exit interview is implemented" is a method that involves conducting an exit interview with the terminated employee, and revoking the employee’s access to the IT systems during or immediately after the interview [3][4]. However, this method is not the best because it depends on the availability and cooperation of the terminated employee, and may not cover all the IT systems or access rights that the employee had [3][4].
References =
1: IT Involvement in Employee Termination, A Checklist
2: Best Practices to Ensure Departing Employees Retain No Access
3: User Termination Best Practices - IT Security - Spiceworks
4: IT Security for Employee Termination - Policies, Checklists, Templates - Endsight
Which of the following is the MOST important requirement for monitoring key risk indicators (KRIs) using log analysis?
Obtaining logs in an easily readable format
Providing accurate logs in a timely manner
Collecting logs from the entire set of IT systems
Implementing an automated log analysis tool
The most important requirement for monitoring key risk indicators (KRIs) using log analysis is providing accurate logs in a timely manner, because this ensures that the risk data is reliable, relevant, and up-to-date. Logs are records of events or activities that occur in IT systems, such as network traffic, user actions, system errors, or security incidents. Log analysis is the process of reviewing and interpreting logs to identify and assess risks, such as performance issues, operational failures, compliance violations, or cyberattacks. By providing accurate logs in a timely manner, an organization can monitor the current status and trends of its KRIs, which are metrics that measure the level and impact of risks. Accurate logs mean that the logs are complete, consistent, and free of errors or anomalies that may distort the risk data. Timely logs mean that the logs are available as soon as possible after the events or activities occur, and that they are updated frequently to reflect the latest changes. Providing accurate logs in a timely manner can help an organization to detect and respond to risks promptly, and to support risk-based decision making and reporting. References = Risk IT Framework, ISACA, 2022, p. 22