CISM Certified Information Security Manager – Question0349

Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

A. Continuous vulnerability monitoring tool
B. Categorization of the vulnerabilities based on system’s criticality
C. Monitoring of key risk indicators (KRIs)
D. Action plan with responsibilities and deadlines

Correct Answer: C

Explanation:

One approach seeing increasing use is to report and monitor risk through the use of key risk indicators (KRIs). KRIs can be defined as measures that, in some manner, indicate when an enterprise is subject to risk that exceeds a defined risk level. Typically, these indicators are trends in factors known to increase risk and are generally developed based on experience. They can be as diverse as increasing absenteeism or increased turnover in key employees to rising levels of security events or incidents.