Certified Business Analysis Professional (CBAP) — Question 136

Which of the following processes measures the maturity level of the security program?

Answer options

• A. Risk analysis
• B. Risk mitigation
• C. Risk assessment
• D. GAP analysis

Correct answer: D

Explanation

GAP analysis is the process that identifies the differences between the current state and the desired state of a security program, effectively measuring its maturity level. In contrast, risk analysis, risk mitigation, and risk assessment focus more on identifying, managing, and evaluating risks rather than assessing the overall maturity of the security program.