A CISO wants to implement a comprehensive security metrics program to track the organization's security posture over time. Which of the following approaches represents the most effective method for collecting meaningful KPIs and KRIs?
Collect a diverse set of security metrics to ensure thorough coverage
Implement metrics from security frameworks with minimal customization
Focus on technical metrics that demonstrate security control effectiveness
Align metrics with business objectives and clearly define thresholds for action
The correct answer is to align metrics with business objectives and clearly define thresholds for action. Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) must be meaningful to both security professionals and business stakeholders. By aligning these metrics with business objectives, they become relevant to decision-makers and more likely to drive action. Additionally, defining clear thresholds establishes when certain metrics require attention or intervention, making the data actionable rather than merely informative.
The other options are problematic for various reasons. Collecting a diverse set of metrics without strategic focus creates information overload and doesn't prioritize what's truly important. Focusing exclusively on technical metrics misses the business impact perspective that executives need for decision-making. And implementing metrics from security frameworks with minimal customization ignores the organization's unique risk profile and business context.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are KPIs and KRIs, and why are they important?
Open an interactive chat with Bash
What does it mean to align security metrics with business objectives?
Open an interactive chat with Bash
What are some common pitfalls in collecting security metrics?
Open an interactive chat with Bash
ISC2 CISSP
Security Assessment and Testing
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access