Certified Information Security Manager (CISM) — Question 8

Which of the following is the BEST way to determine if a recent investment in access control software was successful?

Answer options

• A. Senior management acceptance of the access control software
• B. A comparison of security incidents before and after software installation
• C. A business impact analysis (BIA) of the systems protected by the software
• D. A review of the number of key risk indicators (KRIs) implemented for the software

Correct answer: B

Explanation

The best way to evaluate the success of the access control software is by comparing security incidents before and after its installation, as this directly measures its impact on security. Senior management acceptance, a BIA, and the number of KRIs do not provide direct evidence of the software's effectiveness in reducing incidents.