December 23, 2021 by Admin
Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor information security risk?
- The indicator should possess a high correlation with a specific risk and be measured on a regular basis.
- The indicator should focus on IT and accurately represent risk variances.
- The indicator should align with key performance indicators and measure root causes of process performance issues.
- The indicator should provide a retrospective view of risk impacts and be measured annually.