Certified in Risk and Information Systems Control (CRISC) — Question 577
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability management process?
Answer options
- A. Percentage of vulnerabilities remediated within the agreed service level
- B. Number of vulnerabilities identified during the period
- C. Number of vulnerabilities re-opened during the period
- D. Percentage of vulnerabilities escalated to senior management
Correct answer: A
Explanation
The best KPI for measuring the effectiveness of a vulnerability management process is the percentage of vulnerabilities remediated within the agreed service level, because it directly reflects how successfully vulnerabilities are addressed in a timely manner. The number of vulnerabilities identified does not indicate the effectiveness of remediation. The number re-opened suggests issues in the process, and the percentage escalated to senior management may indicate a lack of resolution rather than effectiveness.