Certified Information Security Manager (CISM) — Question 922
Which of the following is MOST helpful in determining the realization of benefits from an information security program?
Answer options
- A. Vulnerability assessments
- B. Key risk indicators (KRIs)
- C. Business impact analysis (BIA)
- D. Key performance indicators (KPIs)
Correct answer: D
Explanation
Key performance indicators (KPIs) are essential for measuring the effectiveness and benefits of an information security program. While vulnerability assessments, KRIs, and BIAs provide valuable insights, they do not directly measure the realization of benefits as KPIs do.