Certified Information Security Manager (CISM) — Question 224

Which of the following would be MOST useful to help senior management understand the status of information security compliance?

Answer options

• A. Key performance indicators (KPIs)
• B. Risk assessment results
• C. Industry benchmarks
• D. Business impact analysis (BIA) results

Correct answer: A

Explanation

Key performance indicators (KPIs) are specifically designed to provide measurable values that reflect the effectiveness of compliance efforts, making them the best choice for senior management. While risk assessment results, industry benchmarks, and BIA results provide valuable information, they do not directly communicate compliance status in a way that is easily understandable for management.