Certified Information Security Manager (CISM) — Question 1006

What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

Answer options

• A. Benchmarking the expected value of the metrics against industry standards
• B. Aligning the metrics with the organizational culture
• C. Agreeing on baseline values for the metrics
• D. Developing a dashboard for communicating the metrics

Correct answer: B

Explanation

Aligning the metrics with the organizational culture is crucial because it ensures that the metrics resonate with the values and behaviors of the organization, making them more effective. While benchmarking, agreeing on baseline values, and developing dashboards are important, they do not hold the same significance as ensuring alignment with the culture, which fosters acceptance and understanding of the metrics.