Certified Information Security Manager (CISM) — Question 1213

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Answer options

• A. availability of financial resources
• B. alignment with business needs
• C. the organization's risk tolerance
• D. adherence to international standards

Correct answer: B

Explanation

The correct answer is B because aligning security investments with business needs ensures that the technology addresses specific organizational goals and risks. While financial resources, risk tolerance, and adherence to standards are important factors, they should support the primary focus on business alignment.