🔥 3-day streak
ISACA CISM — Certified Information Security Manager99 / 121
Question 99 of 121

A newly appointed information security manager wants to establish a metrics program to demonstrate the value of security investments to executives. The team has access to a large volume of operational data from various tools but has never formally reported metrics. What should the manager do FIRST before collecting and reporting any metrics?

Reviewed for accuracy · Report an issueNext question