Certified Information Security Manager (CISM) — Question 1152
An information security manager is building a business case to support an investment in a next-generation firewall. Which of the following would BEST maximize the effectiveness of the business case?
Answer options
- A. Comparing inherent risk to residual risk
- B. Aligning proof-of-concept with the information security strategy
- C. Ensuring return on investment (ROI) is included
- D. Comparing costs between the new solution and the current firewall
Correct answer: A
Explanation
The correct answer is A. A business case for a security control has to show what the organization gets for its money, and for a next-generation firewall that benefit is risk reduction. Estimating inherent risk (the exposure before the control is applied) and residual risk (the exposure that remains once the new firewall is in place) expresses the benefit in the same risk terms management already uses to set its risk appetite, so decision makers can judge whether the reduction justifies the cost and whether the remaining risk is acceptable. Option C is weaker because security investments rarely produce a measurable financial return; their value lies in avoided loss, which is exactly what the inherent-to-residual comparison captures. Option D compares cost alone and says nothing about benefit. Option B concerns how a proof of concept is scoped against the strategy, which helps select the product but does not by itself justify the investment. Options B, C and D are relevant inputs, but none addresses the core purpose of the business case, demonstrating risk reduction, as directly as option A.