CISM Certified Information Security Manager – Question0446

The MOST important reason to maintain key risk indicators (KRIs) is that:

A.
threats and vulnerabilities continuously evolve.
B. they are needed to verify compliance with laws and regulations.
C. they help assess the performance of the security program.
D. management uses them to make informed business decisions.

Correct Answer: A