Certified Information Security Manager (CISM) — Question 1209

An information security risk analysis BEST assists an organization in ensuring that:

Answer options

• A. the infrastructure has the appropriate level of access control.
• B. cost-effective decisions are made with regard to which assets need protection
• C. an appropriate level of funding is applied to security processes.
• D. the organization implements appropriate security technologies

Correct answer: B

Explanation

The correct answer is B because a risk analysis helps prioritize assets based on their value and the threats they face, allowing organizations to allocate resources effectively. Options A, C, and D, while important, focus on specific aspects of security rather than the overarching goal of making informed, cost-effective protection decisions regarding assets.