A company is implementing a new continuous monitoring tool for its network security controls. Which of the following is the MOST important step to ensure the tool provides meaningful risk information?
Alignment ensures the tool focuses on what matters for risk management.
Why this answer
Option C is correct because the tool must be configured to monitor the key controls that address high-risk areas to be effective. Option A is wrong real-time alerts are useful but not the most important if they monitor irrelevant controls. Option B is wrong integration with SIEM is operational, not a prerequisite for meaningful risk info.
Option D is wrong training is important but secondary to proper configuration.