Certified Information Security Manager (CISM) — Question 1235

The PRIMARY purpose for deploying information security metrics is to:

Answer options

• A. ensure that technical operations meet specifications.
• B. compare program effectiveness to benchmarks.
• C. support ongoing security budget requirements.
• D. provide information needed to make decisions.

Correct answer: D

Explanation

The correct answer is D because the primary goal of information security metrics is to furnish decision-makers with relevant data that can guide their choices. While the other options address important aspects of security metrics, they do not capture the fundamental purpose of aiding decision-making.