CISM Certified Information Security Manager – Question0341

Which of the following approaches is BEST for selecting controls to minimize information security risks?

A.
Cost-benefit analysis
B. Control-effectiveness
C. Risk assessment
D. Industry best practices

Correct Answer: C