Certified Information Security Manager (CISM) — Question 186

Mitigating technology risks to acceptable levels should be based PRIMARILY upon:

Answer options

• A. business process requirements.
• B. business process reengineering.
• C. legal and regulatory requirements.
• D. information security budget.

Correct answer: A

Explanation

The correct answer is A because mitigating technology risks should align closely with the needs of the business processes to ensure that the technology adequately supports operational goals. The other options, while important, do not focus primarily on the direct requirements of business processes, making them less relevant in this context.