Certified Information Security Manager (CISM) — Question 87
Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?
Answer options
- A. The information security operations matrix
- B. Changes to information security risks
- C. Information security program metrics
- D. Results of a recent external audit
Correct answer: C
Explanation
C is correct because information security program metrics provide quantifiable data that clearly illustrates the effectiveness and progress of the security initiatives. While A, B, and D offer relevant information, they do not measure the overall performance of the security program as comprehensively as the metrics do.