Certified Information Security Manager (CISM) — Question 269

Key risk indicators (KRIs) are MOST effective when they:

Answer options

• A. are mapped to core strategic initiatives.
• B. allow for comparison with industry peers.
• C. are redefined on a regular basis.
• D. assess progress toward declared goals.

Correct answer: A

Explanation

The correct answer, A, emphasizes the importance of aligning KRIs with core strategic initiatives to effectively measure risk in relation to organizational goals. Options B, C, and D, while beneficial, do not directly address the primary effectiveness of KRIs linked to strategic initiatives, making them less impactful in this context.