Back to Security Metrics

Key Risk Indicators (KRIs)

5 minutes 5 Questions

Key Risk Indicators (KRIs) are metrics that provide insight into an organization's risk exposure. These metrics help organizations identify and monitor factors that could potentially impact their security and business objectives. KRIs are commonly used to establish a baseline for risk levels and to…

Test mode:
Start practice test
CISSP - Key Risk Indicators (KRIs) Example Questions

Test your knowledge of Key Risk Indicators (KRIs)

Question 1

A company has decided to implement an early warning system for data breaches. What KRI should they monitor to achieve this?

Correct Answer: Unusual access patterns or activity volume

Unusual access patterns or activity volume is the KRI that would most likely provide early warning for data breaches. The other options are not directly related to spotting data breaches.

Question 2

A cyber insurance company wants to ensure it has the right coverage for organizations with cloud-based infrastructure. What KRI should be used?

Correct Answer: Number of cloud-related security incidents

Number of cloud-related security incidents is the KRI that would best help the insurance company understand the risks associated with cloud-based infrastructure. The other options are not directly related to understanding the potential risks of insuring cloud-based organizations.

Question 3

A financial institution is trying to identify and prioritize its security risks. What KRI should be used to measure potential financial impact?

Correct Answer: Estimated financial loss due to security incidents

Estimated financial loss due to security incidents is the KRI that directly reflects the potential financial impact of a risk. The other options do not provide a direct measure of financial impact.

More Key Risk Indicators (KRIs) questions
12 questions (total)
Start 12 question test