Certified Information Security Manager (CISM) — Question 705
The PRIMARY reason for using metrics as part of an information security program is to help management:
Answer options
- A. determine whether objectives are being met.
- B. visualize security trends.
- C. develop an information security baseline.
- D. track financial impact of the program.
Correct answer: A
Explanation
Option A is correct because metrics are essential for assessing whether the organization's goals are being achieved. The other options, while relevant to security programs, do not capture the primary intent of metrics, which is to measure whether objectives are being met.