Multiple Choice
Organizations must consider all but which of the following during development and implementation of an information security measurement program?
A) Measures must yield quantifiable information (percentages, averages, and numbers)
B) Data that supports the measures needs to be readily obtainable
C) Only repeatable information security processes should be considered for measurement
D) Measures must be useful for tracking shortfalls in organizational resources
Correct Answer:
Verified
Correct Answer:
Verified
Q103: Organizations that adopt minimum levels of security
Q104: It is no longer sufficient to simply
Q105: NIST recommends the documentation of performance measures
Q106: Even with strong management support,an information security
Q107: Organizations that adopt minimum levels of security
Q109: Performance _ make it possible to define
Q110: A best practice is a "value or
Q111: <u>Measures </u>are data points or computed trends
Q112: While the terms may be interchangeable in
Q113: Creating a blueprint by looking at the