The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review. Which of the following BEST meets the needs of the board?

A. KRI: – Compliance with regulations – Backlog of unresolved security investigations – Severity of threats and vulnerabilities reported by sensors – Time to patch critical issues on a monthly basis KPI: – Time to resolve open security items – % of suppliers with approved security control frameworks – EDR coverage across the fleet – Threat landscape rating
B. KRI: – EDR coverage across the fleet – Backlog of unresolved security investigations – Time to patch critical issues on a monthly basis – Threat landscape rating KPI: – Time to resolve open security items – Compliance with regulations – % of suppliers with approved security control frameworks – Severity of threats and vulnerabilities reported by sensors
C. KRI: – EDR coverage across the fleet – % of suppliers with approved security control framework – Backlog of unresolved security investigations – Threat landscape rating KPI: – Time to resolve open security items – Compliance with regulations – Time to patch critical issues on a monthly basis – Severity of threats and vulnerabilities reported by sensors
D. KPI: – Compliance with regulations – % of suppliers with approved security control frameworks – Severity of threats and vulnerabilities reported by sensors – Threat landscape rating KRI: – Time to resolve open security items – Backlog of unresolved security investigations – EDR coverage across the fleet – Time to patch critical issues on a monthly basis
  Discussion forum

Question
0

Leave an answer