Certified Information Security Manager (CISM) — Question 114

Senior management has launched an enterprise-wide initiative to streamline internal processes to reduce costs, including security processes. What should the information security manager rely on MOST to allocate resources efficiently?

Answer options

• A. Capability maturity assessment
• B. Risk classification
• C. Return on investment (ROI)
• D. Internal audit reports

Correct answer: B

Explanation

The correct answer is B, Risk classification, as it helps prioritize security resources based on the level of risk associated with different assets and processes. Options A, C, and D, while valuable, do not directly focus on the risk aspect that is crucial for efficient resource allocation in a cost-reduction initiative.