Certified in Risk and Information Systems Control (CRISC) — Question 157

A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?

Answer options

• A. Ensuring the inclusion of all computing resources as log sources
• B. Ensuring time synchronization of log sources
• C. Ensuring read-write access to all log sources
• D. Ensuring the inclusion of external threat intelligence log sources

Correct answer: B

Explanation

The correct answer is B because time synchronization is crucial for accurate log correlation and analysis, ensuring that events from different sources can be aligned properly. Options A, C, and D, while important, do not directly impact the ability to correlate logs effectively, which is why they are not the most critical considerations.