Exam CISM topic 1 question 68 discussion

Actual exam question from Isaca's CISM
Question #: 68
Topic #: 1

When establishing metrics for an information security program, the BEST approach is to identify indicators that:

  • A. support major information security initiatives.
  • B. reflect the corporate risk culture.
  • C. reduce information security program spending.
  • D. demonstrate the effectiveness of the security program.
Suggested Answer: D

Comments

Broesweelies
Highly Voted 1 year, 1 month ago
Selected Answer: D
D. demonstrate the effectiveness of the security program. When establishing metrics for an information security program, the BEST approach is to identify indicators that demonstrate the effectiveness of the security program. These metrics should measure the performance of the security controls in place, such as incident response time, vulnerability management, compliance with standards and regulations, and the overall effectiveness of the security program. By using these metrics, the organization can see how well the security program is working and make necessary adjustments.
upvoted 6 times
...
Viperhunter
Most Recent 3 months, 3 weeks ago
Selected Answer: D
When establishing metrics for an information security program, it is important to focus on indicators that demonstrate the effectiveness of the security program. These metrics should provide insights into the program's performance, its ability to mitigate risks, and its overall impact on the organization's security posture. Metrics that demonstrate effectiveness help in assessing the success of security initiatives and provide valuable information for decision-making and continuous improvement.
upvoted 2 times
...
Viperhunter
3 months, 3 weeks ago
Selected Answer: D
Metrics in an information security program should focus on demonstrating the effectiveness of the security measures and their contribution to the overall security posture. Effectiveness metrics help assess how well security controls are working, the level of risk reduction achieved, and the program's ability to meet its objectives. These metrics provide valuable insights for decision-makers and help in continuous improvement efforts. While supporting major information security initiatives (option A) is important, the primary goal is to measure effectiveness. Reflecting the corporate risk culture (option B) is important but might not directly measure program effectiveness. Metrics that reduce information security program spending (option C) may not necessarily align with the goal of demonstrating effectiveness and may not provide a comprehensive view of the security program's success.
upvoted 1 times
...
richck102
10 months ago
D. demonstrate the effectiveness of the security program.
upvoted 1 times
...
Q_K
1 year ago
Selected Answer: D
https://www.isaca.org/resources/isaca-journal/issues/2020/volume-6/key-performance-indicators-for-security-governance-part-1
upvoted 2 times
...
Antonivs
1 year, 1 month ago
Selected Answer: D
D, clearly. Effectiveness is the keyword here.
upvoted 1 times
...