Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?

Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?
A . Effectiveness of the security program
B . Security incidents vs. industry benchmarks
C . Total number of hours budgeted to security
D . Total number of false positives

View Answer

Answer: A

Explanation:

The executive management concern that could be addressed by the implementation of a security metrics dashboard is the effectiveness of the security program. A security metrics dashboard is a tool that provides a visual representation of key performance indicators (KPIs) and key risk indicators (KRIs) related to the organization’s information security objectives and activities. A security metrics dashboard can help executive management monitor and evaluate the performance and value delivery of the security program, identify strengths and weaknesses, assess compliance with policies and standards, and support decision making and improvement initiatives. Security incidents vs. industry benchmarks, total number of hours budgeted to security, and total number of false positives are not executive management concerns that could be addressed by the implementation of a security metrics dashboard. These are more operational or technical aspects of information security that could be measured and reported by other means, such as incident reports, budget reports, or log analysis.

References: [ISACA CISA Review Manual 27th Edition], page 302