Certified in Risk and Information Systems Control (CRISC) — Question 323

Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?

Answer options

• A. Organizational reporting process.
• B. Incident reporting procedures.
• C. Regularly scheduled audits.
• D. Incident management policy.

Correct answer: A

Explanation

The correct answer is A because having a structured organizational reporting process ensures that risk and security metrics are communicated effectively and consistently. Options B, C, and D, while important for overall security, do not focus specifically on the effectiveness of reporting these metrics.