NIST IR 7564 provides information about security metrics. How are these metrics categorized?

Multiple Choice

Explanation:
NIST IR 7564 organizes security metrics to serve different decision-makers and levels of an organization. It groups them into three layers: Strategic Support metrics, Quality Assurance metrics, and Tactical Oversight metrics. Strategic Support metrics are for senior leadership, guiding policy, resource allocation, and governance through high-level risk trends and business impact. Quality Assurance metrics focus on the effectiveness and quality of security processes and controls, ensuring compliance and process maturity. Tactical Oversight metrics provide real-time or near-term operational visibility, helping security teams monitor the current security posture and respond promptly to incidents. This three-tier approach captures governance, assurance, and operations, which is why this option fits best. The other choices describe specific security topics (encryption standards, incident response procedures, risk assessment frameworks) rather than the categorized metrics framework used in the document.
