Certified Information Security Manager (CISM) — Question 445
Which of the following is MOST important to consider when determining the effectiveness of the information security governance program?
Answer options
- A. Key performance indicators (KPIs)
- B. Maturity models
- C. Risk tolerance levels
- D. Key risk indicators (KRIs)
Correct answer: A
Explanation
Key performance indicators (KPIs) are vital because they provide measurable values that reflect the success of the information security governance program. While maturity models, risk tolerance levels, and key risk indicators (KRIs) are important, they do not directly measure the effectiveness of governance as KPIs do.