Certified Information Security Manager (CISM) — Question 653

An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following is MOST important to include in the business case?

Answer options

• A. Alignment with the approved IT strategy
• B. Potential impact of threat realization
• C. Availability of resources to implement the initiative
• D. Peer group threat intelligence report

Correct answer: B

Explanation

The potential impact of threat realization is the most crucial element to include, as it directly highlights the risks and consequences of not addressing the threats. While alignment with IT strategy, resource availability, and peer reports are important, they do not capture the urgency and significance of the threats as effectively as the potential impacts do.