Certified Information Security Manager (CISM) — Question 1180
Which of the following is MOST effective in gaining support for the information security strategy from senior management?
Answer options
- A. Cost-benefit analysis results
- B. Third-party security audit results
- C. Business impact analysis (BIA) results
- D. A major breach at a competitor
Correct answer: A
Explanation
A cost-benefit analysis provides a clear financial perspective that helps senior management understand the value of investing in information security. While third-party audits and business impact analyses offer insights, they may not directly correlate with financial outcomes. A major breach at a competitor, though alarming, is less proactive and may not present a compelling case for investing in security measures.