CISM Certified Information Security Manager – Question0122 - CISM Certified Information Security Manager

Investment in security technology and processes should be based on:

A. clear alignment with the goals and objectives of the organization.
B. success cases that have been experienced in previous projects.
C. best business practices.
D. safeguards that are inherent in existing technology.

Correct Answer: A

Explanation:

Explanation:
Organization maturity level for the protection of information is a clear alignment with goals and objectives of the organization. Experience in previous projects is dependent upon other business models which may not be applicable to the current model. Best business practices may not be applicable to the organization’s business needs. Safeguards inherent to existing technology are low cost but may not address all business needs and/or goals of the organization.