Certified Information Security Manager (CISM) — Question 420

Which of the following is MOST important to include in monthly information security reports to the board?

Answer options

• A. Root cause analysis of security incidents
• B. Threat intelligence
• C. Risk assessment results
• D. Trend analysis of security metrics

Correct answer: D

Explanation

Trend analysis of security metrics is crucial as it helps the board understand patterns over time and assess the effectiveness of security measures. While root cause analysis, threat intelligence, and risk assessment results are important, they provide a snapshot rather than a comprehensive view of ongoing security performance and improvements.