Which of the following tools is MOST appropriate to assess whether information security
governance objectives are being met?
A.
SWOT analysis
B.
Waterfall chart
C.
Gap analysis
D.
Balanced scorecard
Explanation:
The balanced scorecard is most effective for evaluating the degree to which information security
objectives are being met. A SWOT analysis addresses strengths, weaknesses, opportunities and
threats. Although useful, a SWOT analysis is not as effective a tool. Similarly, a gap analysis,
while useful for identifying the difference between the current state and the desired future state, is
not the most appropriate tool. A waterfall chart is used to understand the flow of one process into
another.