Certified Information Security Manager (CISM) — Question 470

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Answer options

• A. Perform a cost-benefit analysis.
• B. Collect additional metrics.
• C. Begin due diligence on the outsourcing company.
• D. Submit funding request to senior management.

Correct answer: A

Explanation

The correct answer is A, as a cost-benefit analysis provides a clear rationale for outsourcing by weighing the financial implications against the potential security improvements. The other options, while important, do not directly address the need for initial approval and may delay the process.