CISM Certified Information Security Manager – Question0688

Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?

A. Security compliant servers trend report
B. Percentage of security compliant servers
C. Number of security patches applied
D. Security patches applied trend report

Correct Answer: A

Explanation:

The percentage of compliant servers will be a relevant indicator of the risk exposure of the infrastructure. However, the percentage is less relevant than the overall trend, which would provide a measurement of the efficiency of the IT security program. The number of patches applied would be less relevant, as this would depend on the number of vulnerabilities identified and patches provided by vendors.