Reviewing which of the following would BEST ensure that security controls are effective?

Reviewing which of the following would BEST ensure that security controls are effective?
A . Risk assessment policies
B . Return on security investment
C . Security metrics
D . User access rights

Answer: C

Explanation:

Reviewing security metrics provides senior management a snapshot view and trends of an organization’s security posture. Choice A is incorrect because reviewing risk assessment policies would not ensure that the controls are actually working. Choice B is incorrect because reviewing returns on security investments provides business justifications in implementing controls, but does not measure effectiveness of the control itself. Choice D is incorrect because reviewing user access rights is a joint responsibility of the data custodian and the data owner, and does not measure control effectiveness.

Latest CISM Dumps Valid Version with 1327 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments