CISM - Information Security Program - Section 3.5
Define and monitor information security programme metrics to measure effectiveness and support decision-making.
Define security metrics and key performance indicators (KPIs) that measure programme effectiveness and support evidence-based decision-making, including balanced scorecard approaches. Distinguish between leading indicators that predict future risk exposure and lagging indicators that report on past performance.
KPIs, Security metrics, Balanced scorecard, Programme effectiveness
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.