Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?

Posted by: Pdfprep Category: CISM

Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?
A. Number of controls implemented
B. Percent of control objectives accomplished
C. Percent of compliance with the security policy
D. Reduction in the number of reported security incidents

Answer: B

Explanation:

Control objectives are directly related to business objectives; therefore, they would be the best metrics. Number of controls implemented does not have a direct relationship with the results of a security program. Percentage of compliance with the security policy and reduction in the number of security incidents are not as broad as choice B.
