December 23, 2021 by Admin
An information security manager uses security metrics to measure the:
- performance of the information security program.
- performance of the security baseline.
- effectiveness of the security risk analysis.
- effectiveness of the incident response team.
Explanation:
The security metrics should be designed so that there is a relationship to the performance of the overall security program in terms of effectiveness measurement. Use of security metrics occurs after the risk assessment process and does not measure it. Measurement of the incident response team performance is included in the overall program performance, so this is an incomplete answer.