Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
A. To present a realistic information security budget
B. To ensure that benefits are aligned with business strategies
C. To ensure that the mitigation effort does not exceed the asset value
D. To justify information security program activities
A. To present a realistic information security budget
B. To ensure that benefits are aligned with business strategies
C. To ensure that the mitigation effort does not exceed the asset value
D. To justify information security program activities