An organization is choosing key performance indicators (KPIs) for its information security management. Which of the following KPIs would provide stakeholders with the MOST useful information about whether information security risk is being managed?
A. Time from initial reporting of an incident to appropriate escalation
B. Time from identifying a security threat to implementing a solution
C. The number of security controls implemented
D. The number of security incidents during the past quarter

B

Which of the following control checks would utilize data analytics?
A. Evaluating configuration settings for the credit card application system
B. Reviewing credit card applications submitted in the past month for blank data fields
C. Attempting to submit credit card applications with blank data fields
D. Reviewing the business requirements document for the credit card application system