CISA Certified Information Systems Auditor – Question2362

The selection of security controls is PRIMARILY linked to:

A.
risk appetite of the organization.
B. regulatory requirements.
C. business impact assessment.
D. best practices of similar organizations.

Correct Answer: C