CRISC - Risk Assessment - Section 2.3
Conduct vulnerability and control deficiency analysis to identify gaps that expose the organisation to risk.
Conduct vulnerability assessment and control deficiency analysis to identify gaps that expose the organisation to unacceptable risk. Use root cause analysis to distinguish symptoms from underlying weaknesses so that remediation addresses the source rather than the surface finding.
Vulnerability assessmentControl deficiencyGap analysisRoot cause
More in this domain
Back to all Risk Assessment objectives, or the CRISC cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.