Certified Information Security Manager (CISM) — Question 56

Which of the following is MOST important when selecting an information security metric?

Answer options

• A. Ensuring the metric is repeatable
• B. Aligning the metric to the IT strategy
• C. Defining the metric in qualitative terms
• D. Defining the metric in quantitative terms

Correct answer: B

Explanation

The correct answer is B because aligning the metric to the IT strategy ensures that the security measurement supports overall organizational goals. The other options, while important, do not prioritize the strategic alignment necessary for effective information security management.