An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?
A. Results of application security testing
B. Results of application security awareness training quizzes
C. Number of reported security incidents
D. Number of IT employees attending security training sessions
A. Results of application security testing
B. Results of application security awareness training quizzes
C. Number of reported security incidents
D. Number of IT employees attending security training sessions