Certified Chief Information Security Officer (CCISO) — Question 60

What is the MOST important reason for monitoring Key Risk Indicators (KRIs)?

Answer options

• A. The organization's risk profile is subject to change
• B. The processes used to develop KRIs can be fraught with errors and must be rechecked periodically
• C. Effective KRIs will reduce the time to implement risk treatment options
• D. A large number of KRIs is a critical part of continuous improvement of management

Correct answer: A

Explanation

The correct answer is A because monitoring KRIs is essential to adapt to the changing risk profile of the organization. Options B, C, and D focus on the processes and efficiency of KRIs but do not address the necessity of adapting to new risks, making them less critical in this context.