Certified Information Security Manager (CISM) — Question 486
Which of the following would MOST effectively communicate the benefits of an information security program to executive management?
Answer options
- A. Key performance indicators (KPIs)
- B. Threat models
- C. Key risk indicators (KRIs)
- D. Industry benchmarks
Correct answer: A
Explanation
Key performance indicators (KPIs) provide measurable values that demonstrate how effectively an organization is achieving key business objectives, making them particularly valuable for executive management. The other options, while important for understanding risks and threats, do not communicate the benefits of the security program as clearly or directly to executives.