Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor information security risk?
A. The indicator should possess a high correlation with a specific risk and be measured on a regular basis.
B. The indicator should focus on IT and accurately represent risk variances.
C. The indicator should align with key performance indicators and measure root causes of process performance issues.
D. The indicator should provide a retrospective view of risk impacts and be measured annually.
A. The indicator should possess a high correlation with a specific risk and be measured on a regular basis.
B. The indicator should focus on IT and accurately represent risk variances.
C. The indicator should align with key performance indicators and measure root causes of process performance issues.
D. The indicator should provide a retrospective view of risk impacts and be measured annually.