CISM Certified Information Security Manager – Question0681

An information security manager uses security metrics to measure the:

A. performance of the information security program.
B. performance of the security baseline.
C. effectiveness of the security risk analysis.
D. effectiveness of the incident response team.

Correct Answer: A

Explanation:

The security metrics should be designed so that there is a relationship to the performance of the overall security program in terms of effectiveness measurement. Use of security metrics occurs after the risk assessment process and does not measure it. Measurement of the incident response team performance is included in the overall program performance, so this is an incomplete answer.