Certified Information Security Manager (CISM) — Question 1028
Which of the following is MOST important to define when creating information security management metrics?
Answer options
- A. Budget
- B. Objectives
- C. Policy
- D. Benchmarks
Correct answer: B
Explanation
Defining objectives is essential because metrics are intended to measure progress towards specific goals in information security management. Without clear objectives, metrics can be misaligned with the organization's security strategy. The other options, while important, do not directly influence the measurement of success in achieving security goals.