A risk practitioner has been asked to recommend a key performance indicator (KPI) to assess the effectiveness of a manual process to terminate user access. Which of the following is the BEST KPI to recommend?
A.
Percent increase in number of access termination requests
B.
Timeframe of notification from business management to IT
C.
Timeframe from user termination to access revocation
D.
Ratio of successful log-in attempts to unsuccessful log-in attempts
I will go with C, this is because the risk of a terminated user's access still being valid is high as they may result in an unauthorised access to systems. So the timeframe between user termination and access revocation is the key matrix in this case KPI.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kaykaymuon
1 month, 1 week agoCbtL
4 months, 1 week ago