Certified Information Security Manager (CISM) — Question 93

The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its:

Answer options

• A. compliance with industry regulations.
• B. key performance indicators (KPIs).
• C. level of support from senior management.
• D. timeliness in responding to attacks.

Correct answer: B

Explanation

Evaluating key performance indicators (KPIs) provides measurable and actionable insights into the organization's cybersecurity effectiveness. While compliance with regulations (A), management support (C), and response timeliness (D) are important, they do not offer the same continuous and quantifiable assessment that KPIs do.