CISM Certified Information Security Manager – Question0210

Which of the following would BEST help an information security manager prioritize remediation activities to meet regulatory requirements?

A. A capability maturity model matrix
B. Annual loss expectancy (ALE) of noncompliance
C. Cost of associated controls
D. Alignment with the IT strategy

Correct Answer: D