CISM Question #870: Real Exam Question with Answer & Explanation

The correct answer is A: key performance indicators (KPIs).

Submitted by haruto_sh · Apr 18, 2026 · Information Security Program Development and Management

Question

When an information security manager presents an information security program status report to senior management, the MAIN focus should be:

Options

  • A. key performance indicators (KPIs).
  • B. net present value (NPV).
  • C. key controls evaluation.
  • D. security return on investment (ROI).

Explanation

Key performance indicators (KPIs) translate the security program's activities and results into metrics that demonstrate whether program objectives are being met. Senior management needs a clear, business-relevant view of program effectiveness, and KPIs provide that at the right level of abstraction. Net present value (NPV) and return on investment (ROI) are financial metrics that serve specific budget justification conversations, not ongoing program status reporting. Key controls evaluation is too technical for an executive audience. KPIs give leadership the performance visibility they need to make governance decisions.

Topics

#Program Reporting #KPIs #Senior Management Communication #Performance Measurement
