CISM Certified Information Security Manager – Question1253

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

A.
automated reporting to stakeholders.
B. a control self-assessment process.
C. metrics for each milestone.
D. a monitoring process for the security policy.

Correct Answer: C