CISA Certified Information Systems Auditor – Question3003

Which of the following would be an indicator of the effectiveness of a computer security incident response team?

A.
Financial impact per security incident
B. Number of security vulnerabilities that were patched
C. Percentage of business applications that are being protected
D. Number of successful penetration tests

Correct Answer: A

Explanation:

Explanation:
The most important indicator is the financial impact per security incident. Choices B, C and D could be measures of effectiveness of security, but would not be a measure of the effectiveness of a response team.