In order to show improvement of security over time, what must be developed?
A.
Reports
B.
Testing tools
C.
Metrics
D.
Taxonomy of vulnerabilities
Explanation:
Today, management demands metrics to get a clearer view of security.
Metrics that measure participation, effectiveness, and window of exposure, however, offer information the
organization can use to make plans and improve programs.
http://www.infoworld.com/article/2974642/security/4-security-metrics-that-matter.html