Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses "Number of successful phishing attacks" as a KRI, but it does not show an increase.
Which of the following additional information should be the Chief Information Security Officer (CISO) include in the report?
A. The ratio of phishing emails to non-phishing emails
B. The number of phishing attacks per employee
C. The number of unsuccessful phishing attacks
D. The percent of successful phishing attacks
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
The answer is D because of the audience. It is true that both the number of successful attacks and the number of unsuccessful attacks are required to calculate the percent of successful phishing attacks, senior management generally wants summaries.
Hard disagree. It’s gotta be C.
“Company leadership believes employees are experiencing an increased number of cyber attacks…”
Adding the unsuccessful attack metric in addition to the successful attack metric will clearly answer company leadership’s concern about employees reporting more attacks.
Also, the question never states that employees are reporting increased successful phishing attacks, only increased cyber attacks. We do not know if they are successful or not.
C.
Real complement to the actual info.
Dubious question again.
The “Number of successful phishing attacks” alone does not mean a lot, since you must know how many phishing attacks are done. This way, IMHO “C. The number of unsuccessful phishing attacks” and “D. The percent of successful phishing attacks” would be correct. I would mark C, since it complements the KRI you already have.
C