Which of the following information security metrics is the MOST difficult to quantify?
A. Cost of security incidents prevented
B. Percentage of controls mapped to industry frameworks
C. Extent of employee security awareness
D. Proportion of control costs to asset value
A. Cost of security incidents prevented
B. Percentage of controls mapped to industry frameworks
C. Extent of employee security awareness
D. Proportion of control costs to asset value