In order to show improvement of security over time, what must be developed?

A. Reports

B. Testing tools

C. Metrics

D. Taxonomy of

vulnerabilities

Today, management demands metrics to get a clearer view of security.

Metrics that measure participation, effectiveness, and window of exposure, however, offer information the organization can use to make plans and improve program

s.

References:

Topic 2, Analysis/Assessment