CISA Certified Information Systems Auditor – Question0651

Which of the following is MOST important when selecting an information security metric?

A.
Defining the metric in quantitative terms
B. Aligning the metric to the IT strategy
C. Defining the metric in qualitative terms
D. Ensuring the metric is repeatable

Correct Answer: A