The answer is either A or C depending on what they mean by "effectiveness": A) Analysis would be determining how effective it is by looking at key indicators like "has the number of users clicking on a phishing simulation decreased?" C) Assessment would be auditing the actual systems, for example doing a vulnerability scan and looking at previous scans to see if the number of vulnerabilities has decreased. They word these questions very poorly, so effectiveness could mean two different things: how effective the company has been from more of a business reporting aspect (analysis) or how effective the company has been from a security/technical reporting aspect (assessment).
Assessment is a recognized audit type commonly used to evaluate and assess various aspects of an organization's security practices and controls, making it the most appropriate choice for evaluating the effectiveness of a security program.
Security Assessment = a comprehensive review of the security of a system, application, or other tested environment. CISSP study guide 9th ED page 726 onwards.
The auditor has to clearly state which they're going to use, be it COBIT, ISO 27001 or ISO 27002, to do the assessments.
upvoted 2 times
GuardianAngel (9 months, 1 week ago)
Soleandheel (11 months, 2 weeks ago)
Soleandheel (11 months, 2 weeks ago)
BP_lobster (1 year, 11 months ago)
BP_lobster (1 year, 11 months ago)
jackdryan (1 year, 6 months ago)
Jamati (2 years ago)