CISM Certified Information Security Manager – Question1489

Which of the following would be the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?

A.
Perform a penetration test to demonstrate the ability to protect.
B. Perform industry research annually and document the overall ranking of the IPS.
C. Establish and present appropriate metrics that track performance.
D. Provide yearly competitive pricing to illustrate the value of the IPS.

Correct Answer: C