CISM Certified Information Security Manager – Question0043

Developing a successful business case for the acquisition of information security software products can BEST be assisted by:

A. assessing the frequency of incidents.
B. quantifying the cost of control failures.
C. calculating return on investment (ROI) projections.
D. comparing spending against similar organizations.

Correct Answer: C

Explanation:
Calculating the return on investment (ROI) will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.