CISM Certified Information Security Manager – Question0111
Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept? A. Continuous analysis, monitoring and feedback B. Continuous monitoring of the return on security investment (ROSD C. Continuous risk reduction D. Key risk indicator (KRD setup to security management processes
Correct Answer: A
Explanation:
Explanation: To improve the governance framework and achieve a higher level of maturity, an organization needs to conduct continuous analysis, monitoring and feedback compared to the current state of maturity. Return on security investment (ROSD may show the performance result of the security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives. Thus, it may not be an adequate option. Continuous risk reduction would demonstrate the effectiveness of the security governance framework, but does not indicate a higher level of maturity. Key risk indicator (KRD setup is a tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Please disable your adblocker or whitelist this site!