Certified in Risk and Information Systems Control (CRISC) — Question 122

The BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability remediation program is the number of:

Answer options

• A. new vulnerabilities identified.
• B. recurring vulnerabilities.
• C. vulnerabilities remediated.
• D. vulnerability scans.

Correct answer: C

Explanation

The correct answer is C, as the number of vulnerabilities remediated directly reflects the program's success in addressing and fixing security issues. Options A and B focus on identifying or reoccurring vulnerabilities, which do not indicate remediation success. Option D pertains to the scanning process rather than the effectiveness of remediation efforts.