Certified Information Security Manager (CISM) — Question 639
Which of the following would BEST justify continued investment in an information security program?
Answer options
- A. Speed of implementation
- B. Reduction in residual risk
- C. Industry peer benchmarking
- D. Security framework alignment
Correct answer: B
Explanation
B is correct because a reduction in residual risk demonstrates the effectiveness of the information security program in mitigating threats. The other options, while important, do not directly indicate the program's success in enhancing security and reducing risk.