Question 33
As CISO, you want to assess control effectiveness. What should be your primary goal?
A. Measure IT staff productivity
B. Demonstrate compliance with ISO 9001
C. Determine how well controls reduce risk
D. Identify every vulnerability
Answer: C. Determine how well controls reduce risk
A control's effectiveness is measured by the degree to which it mitigates identified risks. This measurement informs whether the residual risk is acceptable.