Certified Information Security Manager (CISM) — Question 226

Which of the following is the PRIMARY reason for an information security manager to present the business case for an information security initiative to senior management?

Answer options

• A. To aid management in the decision-making process for purchasing the solution
• B. To represent stakeholders who will benefit from enhancements in information security
• C. To provide management with the status of the information security program
• D. To demonstrate to management the due diligence involved with selecting the solution

Correct answer: A

Explanation

The primary purpose of presenting the business case is to assist management in making informed decisions regarding the acquisition of the solution. Options B, C, and D, while relevant to the overall discussion of information security, do not directly address the immediate need for decision-making support related to purchasing.