Question 14
A newly hired CISO wants to gauge performance of their security program team. What is the best measurement approach?
A. Only audit reports
B. Qualitative and quantitative KPIs
C. Monthly security newsletters
D. Number of alerts generated by SIEM
Answer: Qualitative and quantitative KPIs
Effective performance monitoring requires both quantitative (e.g., incident closure time) and qualitative (e.g., team satisfaction) metrics.