Question: When developing metrics to measure and monitor information security programs, the information security manager should ensure that the metrics reflect the:
A.) residual risks.
B.) levels of security.
C.) security objectives.
D.) statistics of security incidents.

Download pdf (with explanations) edition of this exam.