CISM Certified Information Security Manager – Question0558

An information security manager is reviewing the business case for a security project that is entering the development phase. It is determined that the estimated cost of the controls is now greater than the risk being mitigated. The information security manager’s BEST recommendation would be to:

A.
eliminate some of the controls from the project scope.
B. discontinue the project to release funds for other efforts.
C. pursue the project until the benefits cover the costs.
D. slow the pace of the project to spread costs over a longer period.

Correct Answer: A