Certified Information Security Manager (CISM) — Question 991

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

Answer options

• A. The system can be replicated for additional use cases.
• B. An industry peer experienced a recent breach with a similar application.
• C. The cost of implementing the system is less than the impact of downtime.
• D. The solution is within the organization's risk tolerance.

Correct answer: C

Explanation

The correct answer is C because demonstrating that the cost of the monitoring system is lower than the potential losses from downtime provides a strong business justification. Options A and B, while relevant, do not directly address the financial implications of system failures. Option D is also important, but it does not emphasize the cost-benefit analysis that is critical for securing management's support.