Certified Information Security Manager (CISM) — Question 765
Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
Answer options
- A. Performing penetration tests against the network to demonstrate business vulnerability
- B. Highlighting competitor performance regarding network best security practices
- C. Presenting comparable security implementation estimates from several vendors
- D. Demonstrating that targeted security controls tie to business objectives
Correct answer: D
Explanation
D is the most effective option because it connects security investments directly to the organization's strategic objectives, which makes their value easier for senior management to see. The other options, while informative, do not directly link security investments to business goals, so they are less compelling for decision-makers.