CISM Certified Information Security Manager – Question0619

Planning for the implementation of an information security program is MOST effective when it:

A.
uses decision trees to prioritize security projects
B. applies gap analysis to current and future business plans
C. uses risk-based analysis for security projects
D. applies technology-driven solutions to identified needs

Correct Answer: C