CISSP · Question #935
When developing a business case for updating a security program, the security program owner MUST do which of the following?
The correct answer is A. Identify relevant metrics. When developing a business case for updating a security program, the security program owner needs to clearly demonstrate how the updated program will improve security, mitigate risks, and align with organizational goals. To do this, the identification of relevant metrics is cruci
Question
Options
- AIdentify relevant metrics
- BPrepare performance test reports
- CObtain resources for the security program
- DInterview executive management
How the community answered
(38 responses)- A79% (30)
- B13% (5)
- C3% (1)
- D5% (2)
Explanation
When developing a business case for updating a security program, the security program owner needs to clearly demonstrate how the updated program will improve security, mitigate risks, and align with organizational goals. To do this, the identification of relevant metrics is crucial. These metrics help quantify the effectiveness of the current program and illustrate the potential improvements that an updated program can deliver. Metrics might include things like the number of security incidents, response times, compliance levels, or risk assessments.
Topics
Community Discussion
No community discussion yet for this question.