Certified Information Systems Security Professional (CISSP) — Question 73
When developing an organization's information security budget, it is important that the:
Answer options
- A. requested funds are at an equal amount to the expected cost of breaches.
- B. expected risk can be managed appropriately with the funds allocated.
- C. requested funds are part of a shared funding pool with other areas.
- D. expected risk to the organization does not exceed the funds allocated.
Correct answer: B
Explanation
The correct answer, B, emphasizes the importance of ensuring that the allocated funds are sufficient to manage the anticipated risks effectively. Option A is incorrect because simply matching funds to breach costs does not ensure proper risk management. Option C is misguided because drawing security funds from a pool shared with other areas diminishes the focus on security needs. Option D misinterprets risk management by treating expected risk as something to be kept below the allocated funds, rather than something those funds must be able to manage.