Which of the following key control indicators (KCIs) BEST indicates whether security requirements are identified and managed throughout a project life cycle?
A. Number of employees completing project-specific security training
B. Number of projects going live without a security review
C. Number of security projects started in core departments
D. Number of security-related status reports submitted by project managers
D. Number of security-related status reports submitted by project managers
The number of security-related status reports submitted by project managers is the best key control indicator (KCI) to determine whether security requirements are identified and managed throughout a project life cycle. These status reports reflect ongoing communication about security issues and measures between project managers and stakeholders, demonstrating that security is actively considered, monitored, and managed throughout the project.
Number of projects going live without a security review is a KCI, not C.
The number of security-related status reports says nothing about the effectiveness of the control.