Certified Information Security Manager (CISM) — Question 893

Which of the following is the BEST indicator of an organization's information security status?

Answer options

• A. Threat analysis
• B. Controls audit
• C. Penetration test
• D. Intrusion detection log analysis

Correct answer: B

Explanation

A Controls audit is the best indicator of an organization's information security status because it evaluates the effectiveness of security controls in place. While Threat analysis, Penetration tests, and Intrusion detection log analysis provide useful insights, they do not offer a comprehensive overview of the overall security posture like a Controls audit does.