Certified Information Security Manager (CISM) — Question 670
An information security manager has been asked to provide regular status reports to senior management regarding the information security program. Which of the following would provide the MOST helpful information?
Answer options
- A. A list detailing the latest threats
- B. Number of phishing incidents per month
- C. Remediation activities performed
- D. Key performance indicators (KPIs)
Correct answer: D
Explanation
Key performance indicators (KPIs) provide measurable values that demonstrate how effectively an organization is achieving key business objectives. While a list of threats, the number of phishing incidents, and remediation activities are all informative, they do not offer a comprehensive view of the program's effectiveness and overall security posture the way KPIs do.