Certified Information Security Manager (CISM) — Question 54

Which of the following is the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?

Answer options

• A. Establish and present appropriate metrics that track performance.
• B. Perform industry research annually and document the overall ranking of the IPS.
• C. Perform a penetration test to demonstrate the ability to protect.
• D. Provide yearly competitive pricing to illustrate the value of the IPS.

Correct answer: A

Explanation

The correct answer is A because establishing and presenting metrics that track performance provides concrete evidence of the IPS's effectiveness, justifying its ongoing costs. Options B and D focus on rankings and pricing, which do not directly reflect the system's performance, while option C, although useful, does not provide a continuous justification for maintenance fees.