Certified Chief Information Security Officer (CCISO) — Question 129

From the CISO's perspective in looking at financial statements, the statement of retained earnings of an organization:

Answer options

• A. Has a direct correlation with the CISO's budget
• B. Represents, in part, the savings generated by the proper acquisition and implementation of security controls
• C. Represents the sum of all capital expenditures
• D. Represents the percentage of earnings that could in part be used to finance future security controls

Correct answer: D

Explanation

The correct answer is D because the statement of retained earnings indicates the portion of earnings that can potentially be allocated for future investments, including security controls. Option A is incorrect as it does not directly reflect the CISO's budget. Option B misinterprets retained earnings, which are not solely about savings from security controls, and Option C is inaccurate as retained earnings do not represent capital expenditures.