Which of the following would NOT be a valuable performance measure?
A) Percent of the organization's IT budget devoted to InfoSec
B) Percent of IT personnel that have received security training
C) Percent of media that has been sanitized
D) Percent of vulnerabilities that have been remediated with organizationally specified time frames

Question

Quizplus · Accepted Answer

Percent of media that has been sanitized is not a valuable performance measure for InfoSec as it does not necessarily provide an accurate indication of the effectiveness of security measures within an organization. Factors such as the type of media and the level of sensitivity of the information it contains can significantly affect the value of this measure. The other options (A, B, and D) are all valuable performance measures for InfoSec as they provide insight into the allocation of resources, training of personnel, and the effectiveness of vulnerability management efforts.

Which of the Following Would NOT Be a Valuable Performance