Certified Information Security Manager (CISM) — Question 494

An information security manager wants to implement a security information and event management (SIEM) system that will aggregate log data from all systems that control perimeter access. Which of the following would BEST support the business case for this initiative to senior management?

Answer options

• A. Industry examples of threats detected using a SIEM system
• B. Alignment with industry best practices
• C. Independent evidence of a SIEM system's ability to reduce risk
• D. Metrics related to the number of systems to be consolidated

Correct answer: C

Explanation

The correct answer is C because independent evidence demonstrating a SIEM system's effectiveness in reducing risk provides a solid, quantifiable justification for the investment. Options A and B, while relevant, do not provide concrete proof specific to risk reduction, and D focuses on consolidation metrics rather than the security value of the SIEM solution.