CISA Certified Information Systems Auditor – Question0659

An information security manager has developed a strategy to address new information security risks resulting from recent changes in the business. Which of the following would be MOST important to include when presenting the strategy to senior management?

A.
The impact of organizational changes on the security risk profile
B. The costs associated with business process changes
C. Results of benchmarking against industry peers
D. Security controls needed for risk mitigation

Correct Answer: A