Certified in Risk and Information Systems Control (CRISC) — Question 707
Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk related to a bring your own device (BYOD) program?
Answer options
- A. Number of incidents originating from BYOD devices
- B. Budget allocated to the BYOD program security controls
- C. Number of devices enrolled in the BYOD program
- D. Number of users who have signed a BYOD acceptable use policy
Correct answer: A
Explanation
Option A is the most effective KRI because incident frequency directly reflects the risk exposure from BYOD devices. The other options are relevant but give no immediate insight into actual risk occurrences: B measures budget rather than incidents, C measures enrollment without reflecting risk, and D indicates policy acceptance without showing actual risk impact.