Certified Information Security Manager (CISM) — Question 704
Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?
Answer options
- A. Senior management support
- B. Results of a risk assessment
- C. Results of a cost-benefit analysis
- D. Impact on the risk profile
Correct answer: C
Explanation
The results of a cost-benefit analysis are essential in justifying the investment in an information security program, as they provide quantifiable data on the potential financial return and risks. While senior management support, risk assessment results, and the impact on the risk profile are all important, they do not provide the same level of financial justification as a cost-benefit analysis.