CASP+ CAS-003 – Question 160

0
41

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.

Which of the following BEST meets the needs of the board?

A. KRI:

  • Compliance with regulations
  • Backlog of unresolved security investigations
  • Severity of threats and vulnerabilities reported by sensors
  • Time to patch critical issues on a monthly basis

KPI:

  • Time to resolve open security items
  • % of suppliers with approved security control frameworks
  • EDR coverage across the fleet
  • Threat landscape rating

B. KRI:

  • EDR coverage across the fleet
  • Backlog of unresolved security investigations
  • Time to patch critical issues on a monthly basis- Threat landscape rating

KPI:

  • Time to resolve open security items
  • Compliance with regulations
  • % of suppliers with approved security control frameworks
  • Severity of threats and vulnerabilities reported by sensors

C. KRI:

  • EDR coverage across the fleet
  • % of suppliers with approved security control framework
  • Backlog of unresolved security investigations
  • Threat landscape rating

KPI:

  • Time to resolve open security items
  • Compliance with regulations
  • Time to patch critical issues on a monthly basis
  • Severity of threats and vulnerabilities reported by sensors

D. KPI:

  • Compliance with regulations
  • % of suppliers with approved security control frameworks
  • Severity of threats and vulnerabilities reported by sensors
  • Threat landscape rating

KRI:

  • Time to resolve open security items
  • Backlog of unresolved security investigations
  • EDR coverage across the fleet
  • Time to patch critical issues on a monthly basis

Correct Answer: A

LEAVE A REPLY

Please enter your comment!
Please enter your name here