Isaca Certified in Risk and Information Systems Control CRISC Question # 255 Topic 26 Discussion
CRISC Exam Topic 26 Question 255 Discussion:
Question #: 255
Topic #: 26
An organizational policy requires critical security patches to be deployed in production within three weeks of patch availability. Which of the following is the BEST metric to verify adherence to the policy?
A.
Maximum time gap between patch availability and deployment
B.
Percentage of critical patches deployed within three weeks
C.
Minimum time gap between patch availability and deployment
D.
Number of critical patches deployed within three weeks
The best metric to verify adherence to the policy that requires critical security patches to be deployed in production within three weeks of patch availability is the maximum time gap between patch availability and deployment, as it measures the longest duration that the organization takes to apply the patches, and ensures that it does not exceed the policy limit. The other options are not the best metrics, as they may not reflect the actual or optimal compliance with the policy, or may not be relevant or measurable for the policy, respectively. References = CRISC Review Manual, 7th Edition, page 110.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit