CISM Certified Information Security Manager – Question1015

Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

A.
Key risk indicators (KRIs)
B. Capability maturity models
C. Critical success factors (CSFs)
D. Key performance indicators (KPIs)

Correct Answer: A