You are the project manager of GHT project.
You have implemented an automated tool to analyze and report on access control logs based on severity.
This tool generates excessively large amounts of results.
You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical"
What you should do in order to fulfill that?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
As the sensitivity of the monitoring tool has to be changed, therefore it requires optimization of Key Risk Indicator.
The monitoring tool which is giving alerts is itself acting as a risk indicator.
Hence to change the sensitivity of the monitoring tool to give alert only for critical situations requires optimization of the KRI.
Incorrect Answers: A, C, D: These options are not relevant to the change of sensitivity of the monitoring tools.
The correct answer is A. Apply risk response.
Explanation:
As the project manager, you have implemented an automated tool to analyze and report on access control logs. However, the tool generates excessively large amounts of results, which can lead to alert fatigue and make it difficult to identify critical alerts.
To address this issue, you perform a risk assessment to determine the best course of action. In this case, you decide to configure the monitoring tool to report only when the alerts are marked "critical." This is a risk response that reduces the likelihood and impact of the risk of missing critical alerts due to the excessive volume of alerts generated by the tool.
Applying a risk response involves selecting and implementing appropriate measures to reduce or eliminate the risk, or to transfer the risk to another party. In this case, the risk response is to configure the monitoring tool to report only critical alerts, which reduces the volume of alerts and makes it easier to identify and respond to critical events.
Optimizing Key Risk Indicators (KRI) involves selecting the most relevant and important metrics for monitoring risks, and using these metrics to assess the level of risk exposure. Updating the risk register involves recording and documenting all identified risks, their likelihood and impact, and the measures taken to mitigate or manage them. Performing quantitative risk analysis involves using statistical methods and modeling to assess the likelihood and impact of risks.
Therefore, the most appropriate answer is A. Apply risk response.