Certified Chief Information Security Officer (CCISO) — Question 176

Which of the following is the MOST logical method of deploying security controls within an organization?

Answer options

• A. Obtain funding for all desired controls and then create project plans for implementation
• B. Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult and costly controls
• C. Apply the least costly controls to demonstrate positive program activity
• D. Obtain business unit buy-in through close communication and coordination

Correct answer: D

Explanation

Option D is the best choice because obtaining buy-in from business units ensures that security controls are aligned with organizational goals and supported by key stakeholders. Options A and C focus on funding and cost rather than collaboration, while option B, although it suggests a risk-based approach, does not emphasize the importance of communication and buy-in from business units.