Certified Information Security Manager (CISM) — Question 949
Which of the following would provide the BEST input to a business case for a technical solution to address potential system vulnerabilities?
Answer options
- A. Business impact analysis (BIA)
- B. Vulnerability scan results
- C. Risk assessment
- D. Penetration test results
Correct answer: C
Explanation
The correct answer is C: a risk assessment provides a comprehensive evaluation of potential threats and their impacts, which is crucial for justifying the need for a technical solution. A business impact analysis (BIA), vulnerability scan results, and penetration test results offer useful information, but they do not provide the same level of insight into the overall risk landscape as a risk assessment does.