Certified Information Security Manager (CISM) — Question 1192

Which of the following would BEST justify spending for a compensating control?

Answer options

• A. Root cause analysis
• B. Emerging risk trends
• C. Vulnerability assessment
• D. Risk analysis

Correct answer: D

Explanation

The correct answer is D, as a risk analysis helps in identifying and evaluating risks, thus providing a solid basis for justifying the need for compensating controls. Options A, B, and C, while important, do not directly assess the overall risk in the same comprehensive manner that a risk analysis does.