COBIT 2019 Foundation — Question 32

Which of the following metrics would BEST enable an enterprise to evaluate an alignment goal specifically related to security of information and privacy?

Answer options

• A. Ratio and extent of erroneous business decisions in which erroneous I&T-related information was a key factor
• B. Number of critical business processes supported by up-to-date infrastructure and applications
• C. Number of confidentiality incidents causing financial loss, business disruption or public embarrassment.

Correct answer: C

Explanation

Option C is the best choice because it directly measures incidents that compromise confidentiality, which is crucial for assessing security and privacy. Options A and B, while relevant to business processes and decisions, do not specifically address the impact of confidentiality incidents on information security and privacy.