Which of the following is NOT one of the three types of performance measures used by organizations?
A) Those that determine the effectiveness of the execution of InfoSec policy
B) Those that determine the effectiveness and/or efficiency of the delivery of InfoSec services
C) Those that evaluate the compliance of non-security personnel in adhering to InfoSec policy
D) Those that assess the impact of an incident or other security event on the organizationor its mission

Question

Which of the following is NOT one of the three types of performance measures used by organizations? 
A) Those that determine the effectiveness of the execution of InfoSec policy 
B) Those that determine the effectiveness and/or efficiency of the delivery of InfoSec services 
C) Those that evaluate the compliance of non-security personnel in adhering to InfoSec policy 
D) Those that assess the impact of an incident or other security event on the organizationor its mission

Quizplus · Accepted Answer

The three types of performance measures used by organizations are those that determine effectiveness of execution of InfoSec policy, effectiveness/efficiency of delivery of InfoSec services, and impact assessment of security events/incidents. Evaluating compliance of non-security personnel is not one of the three types of performance measures.

Which of the Following Is NOT One of the Three