CISM Certified Information Security Manager – Question0189

Which of the following would be MOST important to consider when implementing security settings for a new system?

A.
Results from internal and external audits
B. Government regulations and related penalties
C. Business objectives and related IT risk
D. Industry best practices applicable to the business

Correct Answer: C