Notifications
Clear all
Topic starter
20/08/2022 6:54 am
Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?
- A . Review the confidentiality requirements.
- B . Identify the data owner.
- C . Select the data source
- D . Identify the intended audience.
Suggested Answer: D
Explanation:
"A better approach is the development of operational metrics, which are usually easily discovered and measured. The next step is to transform those operational metrics into different metrics, stated in business terms, FOR BUSINESS AUDIENCES. In a given organization, a security program might employ two, three, or more layers of metrics, usually related to each other, and stated in relevant technical or business terms for each RESPECTIVE AUDIENCE." - CISM All-In-One Study Guide, P.H. Gregory, 1st Edition
Explanation:
"A better approach is the development of operational metrics, which are usually easily discovered and measured. The next step is to transform those operational metrics into different metrics, stated in business terms, FOR BUSINESS AUDIENCES. In a given organization, a security program might employ two, three, or more layers of metrics, usually related to each other, and stated in relevant technical or business terms for each RESPECTIVE AUDIENCE." - CISM All-In-One Study Guide, P.H. Gregory, 1st Edition