Certified Information Security Manager (CISM) — Question 385
Which of the following BEST demonstrates return on investment (ROI) for an information security initiative?
Answer options
- A. Risk heat map
- B. Business impact analysis (BIA)
- C. Business case
- D. Information security program roadmap
Correct answer: C
Explanation
The 'Business case' is the best choice as it outlines the justification for the investment, including potential returns and benefits associated with the information security initiative. The other options, while important for assessing security risks and impacts, do not specifically quantify the financial returns on the investment.