KRI for System with Non-Public Contract Archives | CompTIA CASP+ Exam Preparation

Establishing Key Risk Indicator for Non-Public Contract Archives System

Question

A Chief Information Security Officer (CISO) needs to establish a KRI for a particular system.

The system holds archives of contracts that are no longer in use.

The contracts contain intellectual property and have a data classification of non-public.

Which of the following would be the BEST risk indicator for this system?

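Answers

A. Average minutes of downtime per quarter
B. Percent of patches applied in the past 30 days
C. Count of login failures per week
D. Number of accounts accessing the system per day

Explanations

D.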

The BEST risk indicator for the given scenario would be the "Number of accounts accessing the system per day" (Option D).

Here's why: The system holds archives of contracts that are no longer in use, but they still contain intellectual property and have a data classification of non-public. This means that unauthorized access to this information could lead to a breach of confidentiality, which is a major security risk. Therefore, the main concern for the CISO would be to prevent unauthorized access to the system.

Out of the given options, the "Number of accounts accessing the system per day" is the best KRI because it directly measures the level of access to the system. Monitoring the number of accounts that access the system each day can help identify any abnormal activity, such as a sudden spike in access attempts or unauthorized accounts trying to access the system.

Options A, B, and C are not as relevant to this scenario:

A) Average minutes of downtime per quarter: This metric measures the amount of time the system is unavailable. While downtime is a concern, it is not directly related to the risk of unauthorized access to sensitive information.

B) Percent of patches applied in the past 30 days: This metric measures the level of patch management and software updates for the system. While important for overall system security, it does not directly measure the risk of unauthorized access to sensitive information.

C) Count of login failures per week: This metric measures the number of failed login attempts, which is important for detecting brute-force attacks. However, it is not as relevant to the scenario because the main concern is preventing unauthorized access to the system, rather than detecting brute-force attacks.

In summary, the "Number of accounts accessing the system per day" is the best KRI for this scenario because it directly measures the level of access to the system and can help identify any abnormal activity that could indicate unauthorized access to sensitive information.
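As an added example (not part of the original question or explanation), the Python below computes the "number of accounts accessing the system per day" KRI from an access log and flags the two kinds of abnormal activity the explanation mentions: a sudden spike in the count, and accounts not seen in the recent baseline. The log format, the account names, the 5-day window and the 2x threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample access log: (ISO date, account). Not real data.
SAMPLE_LOG = [
    ("2024-03-01", "archivist"), ("2024-03-01", "archivist"), ("2024-03-01", "legal1"),
    ("2024-03-02", "archivist"),
    ("2024-03-03", "archivist"), ("2024-03-03", "legal1"),
    ("2024-03-04", "legal1"),
    ("2024-03-05", "archivist"), ("2024-03-05", "legal1"),
    ("2024-03-06", "archivist"), ("2024-03-06", "legal1"), ("2024-03-06", "svc_backup"),
    ("2024-03-06", "jdoe"), ("2024-03-06", "contractor7"),
]


def daily_accounts(events):
    """Map each day to the set of distinct accounts that accessed the system."""
    days = defaultdict(set)
    for day, account in events:
        days[day].add(account)  # repeat accesses by one account count once
    return dict(sorted(days.items()))


def evaluate_kri(events, window=5, factor=2.0):
    """Compare each day's distinct-account count with the trailing baseline.

    window and factor are assumed tuning values, not from the source page.
    """
    days = daily_accounts(events)
    dates = list(days)
    results = []
    for i in range(window, len(dates)):
        history = dates[i - window:i]
        baseline = median(len(days[d]) for d in history)
        known = set().union(*(days[d] for d in history))
        today = days[dates[i]]
        results.append({
            "day": dates[i],
            "accounts": len(today),                 # the KRI value itself
            "baseline": baseline,
            "breach": len(today) > factor * baseline,
            "new_accounts": sorted(today - known),  # not seen in the window
        })
    return results


if __name__ == "__main__":
    for row in evaluate_kri(SAMPLE_LOG):
        print(row)
```
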