Certified Information Security Manager (CISM) — Question 317

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the
MOST important input to assist the committee in making this decision?

Answer options

• A. IT strategy
• B. Security architecture
• C. Risk assessment
• D. Business case

Correct answer: D

Explanation

The most vital input for the committee is the Business case, as it outlines the justification, benefits, and costs associated with the key control implementation. While the other options provide valuable information, they do not directly address the necessity for business alignment and cost-effectiveness that the committee needs to consider.