CISM Certified Information Security Manager – Question0436

Which of the following is MOST important for an information security manager to ensure is included in a business case for a new security system?

A.
Effectiveness of controls
B. Risk reduction associated with the system
C. Audit-logging capabilities
D. Benchmarking results

Correct Answer: B