Which of the following would be the BEST metric for the IT risk management process?
A.
Number of risk management action plans
B.
Percentage of critical assets with budgeted remedial
C.
Percentage of unresolved risk exposures
D.
Number of security incidents identified
Explanation:
Percentage of unresolved risk exposures and the number of security incidents identified contribute
to the IT risk management process, but the percentage of critical assets with budgeted remedial is
the most indicative metric. Number of risk management action plans is not useful for assessing the
quality of the process.