Certified Information Security Manager (CISM) — Question 655
Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?
Answer options
- A. Detailed analysis of security program KPIs
- B. An information security risk register
- C. An information security dashboard
- D. A capability and maturity assessment
Correct answer: C
Explanation
The most effective way to present quarterly reports to the board is through an information security dashboard (C), as it provides a visual overview of key metrics and trends. Detailed KPI analyses (A) and risk registers (B) may overwhelm or confuse the board, while a capability and maturity assessment (D) focuses more on maturity than on current status, making it less suitable for a quarterly overview.