Which of the following provides the BEST indication of the return on information security investment?
Increased annualized loss expectancy (ALE)
Increased number of reported incidents
Reduced annualized loss expectancy (ALE)
Decreased number of reported incidents
A reduction in annualized loss expectancy (ALE) demonstrates that implemented controls have effectively reduced the organization’s exposure to risk.
“ALE reduction is a key indicator of the cost-effectiveness of security investments and the improvement of the risk posture.”
— CISM Review Manual 15th Edition, Chapter 2: Risk Management, Section: Cost-Benefit Analysis*
Submit