Certified Information Security Manager (CISM) — Question 331
In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:
Answer options
- A. review the number of reported security incidents.
- B. evaluate results of the most recent incident response test.
- C. ensure established security metrics are reported.
- D. assess progress of risk mitigation efforts.
Correct answer: C
Explanation
The correct answer is C because established security metrics provide quantifiable insights into an organization's security posture, enabling informed decision-making. Reviewing reported incidents, incident response test results, and progress of risk mitigation efforts is also important, but none of these offers the comprehensive overview that security metrics can provide.