3. **In what ways can an organization measure the effectiveness of its cybersecurity risk management program, and what key metrics should be monitored to ensure sustained protection against cyber threats?

3. **In what ways can an organization measure the effectiveness of its cybersecurity risk management program, and what key metrics should be monitored to ensure sustained protection against cyber threats?