ExamGecko
Search Search Login
Home Home / Isaca / Cybersecurity Audit
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is the BEST indication of mature third-party vendor risk management for an organization?
Using digital evidence to provide validation that an attack has actually occurred is an example of;
Which of the following is the BEST indication that an organization's vulnerability management process is operating effectively?
The GREATEST advantage of using a common vulnerability scoring system is that it helps with:
Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?
Which of the following BEST characterizes security mechanisms for mobile devices?
Using a data loss prevention (DLP) solution to monitor data saved to a USB memory device is an example of managing:
The risk of an evil twin attack on mobile devices is PRIMARILY due to:
What is the FIRST activity associated with a successful cyber attack?
Which of the following backup procedure would only copy files that have changed since the last backup was made?

Question 15 - Cybersecurity Audit discussion

Report
Export

Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?

A.
Allocating a significant amount of budget to security investments
Answers
A.
Allocating a significant amount of budget to security investments
B.
Adopting industry security standards and frameworks
Answers
B.
Adopting industry security standards and frameworks
C.
Establishing metrics to measure and monitor security performance
Answers
C.
Establishing metrics to measure and monitor security performance
D.
Conducting annual security awareness training for all employees
Answers
D.
Conducting annual security awareness training for all employees
Suggested answer: C

Explanation:

The MOST critical thing to guiding and managing security activities throughout an organization to ensure objectives are met is establishing metrics to measure and monitor security performance. This is because metrics provide quantifiable and objective data that can be used to evaluate the effectiveness and efficiency of security activities, as well as identify gaps and areas for improvement. Metrics also enable communication and reporting of security performance to stakeholders, such as senior management, board members, auditors, regulators, customers, etc. The other options are not as critical as establishing metrics, because they either involve spending money without knowing the return on investment (A), adopting standards without customizing them to fit the organization's context and needs (B), or conducting training without assessing its impact on behavior change (D).

Show Answer
asked 18/09/2024
Anton Khodyakov
46 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms