Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CISM 1.0 - ISACA > E- Monitoring Responsibilities and Metrics > Flashcards

E- Monitoring Responsibilities and Metrics Flashcards

1
Q

Monitoring Responsibilities

A

helps an organization confirm that the correct jobs are being carried out in the right way.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Some Tools of monitoring

A
  • Controls and internal audit
  • Metrics and reporting
  • Work measurement
  • Performance measurement
  • 360 feedback
  • Position benchmarking
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

360 feedback

A

Soliciting structured feedback from peers, subordinates, and management helps subjects and management better understand characteristics related to specific responsibilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are metrics

A

Means through which management can measure key processes and know whether their strategies are working

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Security Metrics

A

Security metrics are often used to observe technical IT security controls and processes and to know whether they are operating properly.
They include metrics such as KRIs, KGIs, and KPIs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Key risk indicators (KRIs)

A

Metrics associated with the measurement of risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Key Goal Indicator (KGIS)

A

Metrics that portray the attainment of strategic goals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Key Performance Indicators (KPIs)

A

Metrics used to show efficiency or effectiveness of security-related activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When can metrics be effective

A

They need to be measurable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

SMART Method

A

Specific , Measurable, Attainable, Relevant, Timely.

SMART ensures the quality and effectiveness of a Metric.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Other consideration for Good metrics

A
  • Leading indicator: Does the metric help management to predict future risk?
  • Causal relationship: Does the metric have a defensible causal relationship to a business impact, where a change in the metric compels someone to act?
  • Influence: Has the metric influenced decision-making (or will it)?
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What a security program strategy and objectives should contain?

A

Statements that can be translated into key measurements - The key performance and risk metrics of the program

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How do you measure the success of a risk management program

A

By indirect measurements like improving trends such as:

  • Reduction in the number of securities incidents.
  • Reduction in the impact of security incidents,
  • Reduction in the time to remediation vulnerabilities
  • Etc…
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What should a security program IMPROVING its maturity from low levels should first expect to see

A

The number of incidents increase.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What should a security program that is IMPROVED and matures over time should expect to see

A

The number of new risks will, at first, increase and then later decrease.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What performance measurement metrics of information security provide

A

A view of tactical security processes and activities.

17
Q

Performance measurement metrics can include

A
  • Time to detect security incidents
  • Time to remediate security incidents
  • Time to provision user accounts
  • Time to deprovision user accounts
  • Time to discover vulnerabilities
18
Q

On what value delivery metrics focus on?

A

On the long-term reduction of cost, in proportion to other measures.

19
Q

Example of value delivery metrics

A
  • Control Used
  • Percentage of controls that are effective
  • Program costs per asset population or asset value
  • Program costs per employee population
  • Program costs per revenue.
20
Q

What metrics should be used with caution

A

Value Delivery Metrics. It should be used in combination with another metrics to avoid wrong metrics results.

21
Q

Resource management metric

A

Similar to value delivery, but has emphasis is placed on program efficiency.

22
Q

Balanced Scorecard

A

A management tool that is used to measure the performance, effectiveness and progress of an organization.

23
Q

The Four perspectives of the Balanced Scorecard

A

1-Finance
2-Customer
3-Internal Processes
4-Innovation and learning

24
Q

Business Model for Information Security (BMIS)

A

A guide for business-aligned, risk based security governance.

25
Q

Security Balanced Scorecard

A

Used to specifically measure security organization performance and results.

26
Q

The Four perspectives of the Security Balanced Scorecard

A 
Same as the Balance ScoreCard.
1-Finance
2-Customer 
3-Internal Processes
4-Innovation and learning
27
Q

From where is the security balanced scorecard derived from

A

From the organization’s overall balanced score card and its IT balanced Scorecard

28
Q

Why is the security balanced scorecard derived from the organization’s overall balanced score card and its IT balanced Scorecard

A

To ensure that security will align itself with corporate objectives.

29
Q

ROSI ?

When it’s easy to compute it?

A

Return On Security Investment it easier to be computed for events that occur more frequently.

30
Q

Key in Balanced Score Card

A
  • Financial
  • Customer
  • Internal process
  • Innovation

CISM 1.0 - ISACA (22 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions