Certified Information Security Manager (CISM) — Question 154

Which of the following should be the MAIN outcome from monitoring key performance indicators (KPIs) for a corporate security management program?

Answer options

• A. A balanced scorecard
• B. An effective security awareness program
• C. Data for the organization to assess progress
• D. Optimal level of value delivery

Correct answer: C

Explanation

The main outcome of monitoring KPIs is to gather data that allows the organization to evaluate its progress effectively, making option C the correct choice. While options A, B, and D are important aspects of security management, they do not directly represent the primary purpose of KPI monitoring.