CISA Certified Information Systems Auditor – Question0610

Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?

A.
Vulnerability assessment results
B. Application security policy
C. A business case
D. Internal audit reports

Correct Answer: C