Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?

Which of the following BEST contributes to the development of a security governance framework
that supports the maturity model concept?

Which of the following BEST contributes to the development of a security governance framework
that supports the maturity model concept?

A.
Continuous analysis, monitoring and feedback

B.
Continuous monitoring of the return on security investment (ROSD

C.
Continuous risk reduction

D.
Key risk indicator (KRD setup to security management processes

Explanation:

To improve the governance framework and achieve a higher level of maturity, an organization
needs to conduct continuous analysis, monitoring and feedback compared to the current state of
maturity. Return on security investment (ROSD may show the performance result of the security

related activities; however, the result is interpreted in terms of money and extends to multiple
facets of security initiatives. Thus, it may not be an adequate option. Continuous risk reduction
would demonstrate the effectiveness of the security governance framework, but does not indicate
a higher level of maturity. Key risk indicator (KRD setup is a tool to be used in internal control
assessment. KRI setup presents a threshold to alert management when controls are being
compromised in business processes. This is a control tool rather than a maturity model support
tool.



Leave a Reply 0

Your email address will not be published. Required fields are marked *