Which of the following is the MOST relevant metric to include in an information security quarterly
report to the executive committee?
A. Security compliant servers trend report
B. Percentage of security compliant servers
C. Number of security patches applied
D. Security patches applied trend report
Explanation:
The percentage of compliant servers will be a relevant indicator of the risk exposure of the
infrastructure. However, the percentage is less relevant than the overall trend, which would
provide a measurement of the efficiency of the IT security program. The number of patches
applied would be less relevant, as this would depend on the number of vulnerabilities identified
and patches provided by vendors.