A CISO wants to implement a comprehensive security metrics program to track the organization's security posture over time. Which of the following approaches represents the most effective method for collecting meaningful KPIs and KRIs?
Implement metrics from security frameworks with minimal customization
Align metrics with business objectives and clearly define thresholds for action
Collect a diverse set of security metrics to ensure thorough coverage
Focus on technical metrics that demonstrate security control effectiveness
The correct answer is to align metrics with business objectives and clearly define thresholds for action. Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) must be meaningful to both security professionals and business stakeholders. By aligning these metrics with business objectives, they become relevant to decision-makers and more likely to drive action. Additionally, defining clear thresholds establishes when certain metrics require attention or intervention, making the data actionable rather than merely informative.
The other options each fall short. Collecting a diverse set of metrics without strategic focus creates information overload and does not distinguish what is truly important. Focusing exclusively on technical metrics omits the business-impact perspective that executives need for decision-making. Implementing metrics from security frameworks with minimal customization ignores the organization's unique risk profile and business context.
ISC2 CISSP
Security Assessment and Testing