Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?
A . Allocating a significant amount of budget to security investments
B . Adopting industry security standards and frameworks
C . Establishing metrics to measure and monitor security performance
D . Conducting annual security awareness training for all employees
Answer: C
Explanation:
The MOST critical thing to guiding and managing security activities throughout an organization to ensure objectives are met is establishing metrics to measure and monitor security performance. This is because metrics provide quantifiable and objective data that can be used to evaluate the effectiveness and efficiency of security activities, as well as identify gaps and areas for improvement. Metrics also enable communication and reporting of security performance to stakeholders, such as senior management, board members, auditors, regulators, customers, etc. The other options are not as critical as establishing metrics, because they either involve spending money without knowing the return on investment (A), adopting standards without customizing them to fit the organization’s context and needs (B), or conducting training without assessing its impact on behavior change (D).
Latest Cybersecurity Audit Certificate Dumps Valid Version with 75 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund