Certified in Risk and Information Systems Control (CRISC) — Question 1227

An organization recently experienced multiple breaches that were detected months later. Which of the following would be MOST useful for timely monitoring and analysis going forward?

Answer options

• A. Threat intelligence information
• B. Security information and event management (SIEM)
• C. Security incident and problem reports
• D. External information security reviews

Correct answer: B

Explanation

The correct answer is B, as a Security Information and Event Management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware, making it essential for timely monitoring. Options A, C, and D, while useful, do not offer the same level of real-time monitoring and immediate analysis capabilities that a SIEM provides.