CISM Certified Information Security Manager – Question1020

Which of the following is the BEST approach for determining the maturity level of an information security program?

A.
Evaluate key performance indicators (KPIs)
B. Engage a third-party review
C. Review internal audit results
D. Perform a self-assessment

Correct Answer: A