CISA Certified Information Systems Auditor – Question0654

Which of the following is the BEST approach for determining the maturity level of an information security program?

A.
Review internal audit results.
B. Engage a third-party review.
C. Perform a self-assessment.
D. Evaluate key performance indicators (KPIs).

Correct Answer: D