Developing an appropriate set of information security metrics tosupport having an information security program achieve itsobjectives. Effective security metrics need to be appropriate forthe audience asked to consume (use) them. Think about two keyaudiences a CISO needs to interact with: 1) The Chief InformationOfficer (CIO) and 2) The Board Of Directors, specifically a RiskCommittee of the Board, so think big picture/strategic. Would youuse the same set of measures for each group to communicate theeffectiveness of the information security program? If not, why not?List out three specific security metrics you would present to eachof those two audiences and talk about what
OR
OR