Certified Information Security Manager (CISM) — Question 853
Which of the following is MOST important when defining how an information security budget should be allocated?
Answer options
- A. Business impact assessment
- B. Regulatory compliance standards
- C. Information security strategy
- D. Information security policy
Correct answer: C
Explanation
The Information security strategy is fundamental as it outlines the overall direction and priorities for security efforts, guiding budget allocation effectively. While business impact assessments, regulatory compliance standards, and policies are important, they serve as components of the broader strategy rather than the primary focus for budget distribution.