CISSP · Question #427
Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?
The correct answer is A. Report using metrics.. Reporting using metrics is the most important thing that a security professional must do in order to quantify the value of a security program to organization management. Metrics are measurable indicators that can be used to evaluate the performance, effectiveness, efficiency, and
Question
Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?
Options
- AReport using metrics.
- BRank priorities as high, medium, or low.
- CCommunicate compliance obstacles.
- DReport en employee activities
How the community answered
(20 responses)- A85% (17)
- B10% (2)
- C5% (1)
Explanation
Reporting using metrics is the most important thing that a security professional must do in order to quantify the value of a security program to organization management. Metrics are measurable indicators that can be used to evaluate the performance, effectiveness, efficiency, and progress of a security program. Metrics can help the security professional to demonstrate the benefits, costs, risks, and return on investment of the security program, as well as to identify the gaps, weaknesses, and improvement opportunities. Metrics can also help the organization management to understand the security posture, align the security goals with the business objectives, and make informed decisions.
Topics
Community Discussion
No community discussion yet for this question.