Certified Information Security Manager (CISM) — Question 527

Which of the following is BEST determined by using technical metrics?

Answer options

• A. Whether controls are operating effectively
• B. How well security risk is being managed
• C. Whether security resources are adequately allocated
• D. How well the security strategy is aligned with organizational objectives

Correct answer: A

Explanation

Technical metrics provide quantifiable data that can directly indicate the effectiveness of security controls in place. In contrast, options B, C, and D involve broader assessments that may require qualitative analysis, making them less suited for direct measurement through technical metrics.