(Choose 1 answer)
Organizations must consider all but which of the following during development and implementation of an InfoSec measurement program?
A. Measurements must yield quantifiable information
B. Data that supports the measures needs to be readily obtainable
C. Only repeatable InfoSec processes should be considered for measurement
D. Measurements must be useful for tracking non-compliance by internal personnel
E. None of the mentioned
Elt 41
