CISA Certified Information Systems Auditor – Question0817

Planning for the implementation of an information security program is MOST effective when it:

A.
uses risk-based analysis for security projects.
B. applies technology-driven solutions to identified needs.
C. uses decision trees to prioritize security projects.
D. applies gap analysis to current and future business plans.

Correct Answer: D