CISM Certified Information Security Manager – Question0371

Mitigating technology risks to acceptable levels should be based PRIMARILY upon:

A.
business process reengineering.
B. business process requirement.
C. legal and regulatory requirements.
D. information security budget.

Correct Answer: B