CISA Certified Information Systems Auditor – Question2613

Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organization’s security incident response management capability?

A.
Number of business interruptions due to IT security incidents per year.
B. Number of IT security incidents reported per month
C. Number of malware infections in business applications detected per day.
D. Number of alerts generated by intrusion detection systems (IDS) per minute.

Correct Answer: A