CISA Certified Information Systems Auditor – Question1979

When designing metrics for information security, the MOST important consideration is that the metrics:

A.
provide actionable data.
B. apply to all business units.
C. are easy to understand.
D. track trends over time.