A Chief Information Security Officer (CISO) needs to establish a KRI for a particular system. The system holds archives of contracts that are no longer in use.
The contracts contain intellectual property and have a data classification of nonpublic. Which of the following would be the BEST risk indicator for this system?
A. Average minutes of downtime per quarter
B. Percent of patches applied in the past 30 days
C. Count of login failures per week
D. Number of accounts accessing the system per day
Maybe: C. Count of login failures per week
Of the options listed, this is the only one that measures something that might be an attempted attack.
D. Number of accounts accessing the system per day
As long as the accounts are legit, who cares? Maybe, from time to time, a lot of users have legitimate reasons to access the system?
A. Average minutes of downtime per quarter – This is a performance indicator but it can’t be a key one for this system since it is no longer in use.
B. Percent of patches applied in the past 30 days – Only one that makes sense.
C. Count of login failures per week – isn’t measurable. What is too high or too low?
D. Number of accounts accessing the system per day – isn’t measurable. What is too high or too low?
KRI is defined as how likely the risk will occur. Risk is calculated using percentages.
B
I was in doubt between B and D.
The issue here is confidentiality. I would go with B because knowing how vulnerable the server that hosts confidential information is (due to not applying patches) better demonstrates the risk, compared to knowing that X users logged on to the app the previous day.
D – Contracts no longer in use… what matters is who and how many times it is being logged into. Intellectual property at risk of being stolen.
B