CompTIA CASP+ (CAS-004) — Question 586

A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

Answer options

• A. Create a change management process.
• B. Establish key performance indicators.
• C. Create an integrated master schedule.
• D. Develop a communication plan.
• E. Perform a security control assessment.

Correct answer: B

Explanation

The correct answer, B, is essential because key performance indicators provide measurable values that demonstrate how effectively security controls are achieving their objectives. The other options, while important for broader project management and communication, do not directly relate to quantifying the effectiveness of security controls.