Certified Information Security Manager (CISM) — Question 221

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Answer options

• A. relates the investment to the organization's strategic plan.
• B. realigns information security objectives to organizational strategy.
• C. articulates management's intent and information security directives in clear language.
• D. translates information security policies and standards into business requirements.

Correct answer: A

Explanation

The correct answer, A, is effective because linking the investment to the organization's strategic plan demonstrates its alignment with broader business goals, making it more appealing to decision-makers. While options B, C, and D provide valuable insights, they do not directly emphasize the connection to the organization's strategic direction, which is crucial for securing funding.