CISM Certified Information Security Manager – Question0268
What is the BEST technique to determine which security controls to implement with a limited budget? A. Risk analysis B. Annualized loss expectancy (ALE) calculations C. Cost-benefit analysis D. Impact analysis
Correct Answer: C
Explanation:
Explanation:
Cost-benefit analysis is performed to ensure that the cost of a safeguard does not outweigh its benefit and that the best safeguard is provided for the cost of implementation. Risk analysis identifies the risks and suggests appropriate mitigation. The annualized loss expectancy (ALE) is a subset of a cost-benefit analysis. Impact analysis would indicate how much could be lost if a specific threat occurred.
Please disable your adblocker or whitelist this site!