A critical component of a continuous improvement program for information security is:
A.
measuring processes and providing feedback.
B.
developing a service level agreement (SLA) for security.
C.
tying corporate security standards to a recognized international standard.
D.
ensuring regulatory compliance.
Explanation:
If an organization is unable to take measurements that will improve the level of its safety program. then continuous improvement is not possible. Although desirable, developing a service level agreement (SLA) for security, tying corporate security standards to a recognized international standard and ensuring regulatory compliance are not critical components for a continuous improvement program.