Home » Isaca » CISM » Which of the following would be the BEST metric for the IT risk management process?
Which of the following would be the BEST metric for the IT risk management process?
A. Number of risk management action plans
B. Percentage of critical assets with budgeted remedial
C. Percentage of unresolved risk exposures
D. Number of security incidents identified
Correct Answer: B
Explanation/Reference:
Explanation:
Percentage of unresolved risk exposures and the number of security incidents identified contribute to the IT risk management process, but the percentage of critical assets with budgeted remedial is the most indicative metric. Number of risk management action plans is not useful for assessing the quality of the process.
|
Download Printable PDF. VALID exam to help you PASS.
|
 |
