Question $40(1$ point$)$

The InfoSec measurement development process recommended by NIST is divided into two major activities. Which of the following is one of them?

Question $40$ options:

A$)$

development and selection of qualified personnel to gauge the implementation, effectiveness, efficiency, and impact of the security controls

B$)$

identification and definition of the current InfoSec program

C$)$

maintenance of the vulnerability management program

D$)$

comparison of organizational practices against similar organization