Folks, it's gotta be D. I can tell you that if I was sitting on a board, I would rely on an audit, especially 3rd party, to show me what the state of a security program is. Metrics would be my second choice.
Do you think you have the time to read an audit and its findings, interpret it, relate it to business objectives, and then take a decision on what to do???
Metrics can include key performance indicators (KPIs), such as the number of security incidents, incident response times, compliance with security policies, and other relevant data points that help the board understand how well the organization is managing its information security risks.
Information security program metrics (Option C) would BEST demonstrate the status of an organization's information security program to the board of directors.
upvoted 4 times
D2D2 (Highly Voted, 2 years, 1 month ago)
CarlLimps (Highly Voted, 1 year, 10 months ago)
ddharia94 (1 year, 6 months ago)
wello (1 year, 7 months ago)
d3fa4d2 (Most Recent, 8 months, 2 weeks ago)
oluchecpoint (1 year, 4 months ago)
richck102 (1 year, 6 months ago)
wello (1 year, 7 months ago)
Souvik124 (1 year, 10 months ago)