A critical component of a continuous improvement program for information security is:

A.
measuring processes and providing feedback.

B.
developing a service level agreement (SLA) for security.

C.
tying corporate security standards to a recognized international standard.

D.
ensuring regulatory compliance.

Explanation:

If an organization is unable to take measurements that will improve the level of its safety program.
then continuous improvement is not possible. Although desirable, developing a service level
agreement (SLA) for security, tying corporate security standards to a recognized international
standard and ensuring regulatory compliance are not critical components for a continuous
improvement program.