Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
Annualized loss resulting from security incidents is the most appropriate metric to demonstrate the effectiveness of information security controls to senior management. This metric provides a comprehensive view of the financial impact of security incidents, which is a key concern for senior management. It helps them understand the real-world consequences of inadequate controls in monetary terms, making it easier for them to grasp the importance and efficacy of security measures.
D - The metric provides a comprehensive view of the financial impact of security incidents, helping senior management understand the real-world consequences of inadequate controls