I won't choose C because Audit findings are only part of the security metrics to be reported, there are broader range of risk reporting need to be covered by the organisational reporting process
A. Organizational reporting process.
For risk and security metrics to be effectively reported and understood by stakeholders, it's crucial to have an established organizational reporting process. This process provides a structured and consistent manner to convey information, ensuring that key stakeholders receive relevant data in a timely and comprehensible manner, aiding in informed decision-making. While the other options are relevant to various aspects of risk management and security, they don't directly ensure the effectiveness of metrics reporting as the organizational reporting process does.
A. Organizational reporting process.
Having an organized reporting process ensures that there's a systematic, consistent, and repeatable method to capture, analyze, and present risk and security metrics. This contributes directly to the effectiveness of the metrics reporting, ensuring that data is collected and reported in a manner that facilitates understanding and decision-making.
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kaixin
1 week, 6 days ago01010100
6 months, 3 weeks agoeblue
7 months, 2 weeks agoCbtL
1 year agojohn_boogieman
1 year, 3 months agoSuchib
1 year, 4 months agoCeecil1959
2 years, 1 month agoRaj1510
2 years, 3 months agoVirginiaJessamine
2 years, 3 months ago