Certified Information Systems Security Professional – CISSP – Question274

Which of the following is the BEST reason for the use of security metrics?

A.
They ensure that the organization meets its security objectives.
B. They provide an appropriate framework for Information Technology (IT) governance.
C. They speed up the process of quantitative risk assessment.
D. They quantify the effectiveness of security processes.

Correct Answer: B