How would an organization know if its new information s…

How would an organization know if its new information security program is accomplishing its goals?

How would an organization know if its new information security program is accomplishing its goals?

A.
Key metrics indicate a reduction in incident impacts.

B.
Senior management has approved the program and is supportive of it.

C.
Employees are receptive to changes that were implemented.

D.
There is an immediate reduction in reported incidents.

Explanation:

Option A is correct since an effective security program will show a trend in impact reduction. Options B and C may well derive from a performing program, but are not as significant as option A. Option D may indicate that it is not successful.



Leave a Reply 0

Your email address will not be published. Required fields are marked *