Effective CISSP Questions

Success is the result of achieving a goal. Performance is a measurable result used to measure the progress to the objective or goal. Which of the following is the first step for goal setting? (Wentz QOTD)
A. Determine key risk indicator
B. Define key goal indicator
C. Select key performance indicator
D. Identify related measures and metrics

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Identify related measures and metrics.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Strategic Planning

A goal should be measurable, so setting a goal starts with identifying and selecting candidate measures and metrics.

Goals and Objectives

The terms “goal” and “objective” are often used interchangeably. However, there are some differences. A goal is a written statement of desired outcomes or future state; an objective is the result to be achieved. A goal is typically broken down into objectives. Success is the result of achieving a goal. 


Given a hierarchy of objectives, a goal is the upper-level objective (parent) relative to the lower-level ones (children) broken down from it. A goal is measured by Key Goal Indicators (KGIs), while its subsidiary objectives are measured by Key Performance Indicators (KPIs). A KGI is a measure of the outcome, while a KPI is a measure of performance. A KGI at the lower level serves as a KPI to the parent KGI. The term KGI comes from COBIT, which distinguishes KGI as a lagging indicator from KPI as a leading indicator. However, it’s not uncommon to call a KGI (the effect) just KPI (the cause).

Performance Measurement

Performance is a measurable result used to measure the progress to the objective or goal. Measurement is a process to determine a value; it also refers to the result of a measurement. Measurements are values of a variable, or instances of a measure.

  • A measure is a variable with “a standard unit used to express the size, amount, or degree of something” (Google Dictionary). In other words, a measure collects facts, but it isn’t associated with an objective or goal, while a metric is.
  • A metric is a quantitative measure that is associated with an objective or goal so that the performance can be measured.
  • An indicator is also a measure, but it can be either quantitative or qualitative.


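Success is the result of achieving a goal. Performance is a measurable result used to measure progress toward the goal or objective. Which of the following is the first step in setting a goal? (Wentz QOTD)
A. Determine key risk indicators (KRI)
B. Define key goal indicators (KGI)
C. Select key performance indicators (KPI)
D. Identify related measures and metrics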
