(ISC)2 Certified in Cybersecurity Practice Exam

What measure indicates how dependent an organization is on a specific information system for success?

• A. Criticality
• B. Importance
• C. Availability
• D. Vulnerability

The correct answer is: Criticality

The measure that indicates how dependent an organization is on a specific information system for success is referred to as criticality. This concept captures the essential role that a specific information system plays in the overall operations, processes, and objectives of an organization. When an information system is deemed critical, it means that its failure or unavailability could significantly disrupt business functions or lead to adverse consequences, such as financial loss, damage to reputation, or impaired service delivery. Criticality is often assessed during risk management processes as organizations identify which systems are vital to their success and what potential impact their failure may have. This assessment helps in prioritizing resource allocation for risk mitigation, ensuring that the most critical systems receive the attention needed to enhance their resilience or recovery capabilities. While the terms importance, availability, and vulnerability are relevant in discussions of information security and system management, they do not encapsulate the dependency aspect as well as criticality does. Importance is a more general term that doesn't directly imply a measure of reliance for success. Availability refers to the uptime or accessibility of a system but does not consider the consequences of its unavailability in the context of organizational success. Vulnerability highlights weaknesses in a system that could be exploited but does not speak to the degree of reliance or operational impact.