nerdexam
(ISC)2

CISSP · Question #427

Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?

The correct answer is A. Report using metrics.. Reporting using metrics is the most important thing that a security professional must do in order to quantify the value of a security program to organization management. Metrics are measurable indicators that can be used to evaluate the performance, effectiveness, efficiency, and

Submitted by naveen.iyer· Mar 5, 2026Security and Risk Management

Question

Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?

Options

  • AReport using metrics.
  • BRank priorities as high, medium, or low.
  • CCommunicate compliance obstacles.
  • DReport en employee activities

How the community answered

(20 responses)
  • A
    85% (17)
  • B
    10% (2)
  • C
    5% (1)

Explanation

Reporting using metrics is the most important thing that a security professional must do in order to quantify the value of a security program to organization management. Metrics are measurable indicators that can be used to evaluate the performance, effectiveness, efficiency, and progress of a security program. Metrics can help the security professional to demonstrate the benefits, costs, risks, and return on investment of the security program, as well as to identify the gaps, weaknesses, and improvement opportunities. Metrics can also help the organization management to understand the security posture, align the security goals with the business objectives, and make informed decisions.

Topics

#security program management#security metrics#value quantification#reporting

Community Discussion

No community discussion yet for this question.

Full CISSP Practice