Certified Chief Information Security Officer (CCISO) — Question 173

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture.
What would be the BEST choice of security metrics to present to the BOD?

Answer options

• A. All vulnerabilities found on servers and desktops
• B. Only critical and high vulnerabilities servers
• C. Only critical and high vulnerabilities on servers and desktops
• D. All vulnerabilities that impact important production servers

Correct answer: B

Explanation

The best choice, option B, focuses on critical and high vulnerabilities on servers, which are most significant to the organization's risk management and security posture. Option A includes all vulnerabilities, which may overwhelm the BOD with unnecessary information. Option C expands the scope to desktops, which may not be as relevant for the Board's high-level overview. Option D limits the focus to production servers but may overlook critical vulnerabilities on other important systems.