Certified Information Security Manager (CISM) — Question 368

Which of the following BEST supports investments in an information security program?

Answer options

• A. Business impact analysis (BIA)
• B. Risk assessment results
• C. Gap analysis results
• D. Business cases

Correct answer: D

Explanation

Business cases are essential as they provide a comprehensive justification for investments, outlining the benefits, costs, and risks involved. While Business Impact Analysis (BIA), risk assessment results, and gap analysis results offer valuable insights, they do not present a structured argument for securing funding as effectively as a business case does.