CISM Certified Information Security Manager – Question0978

After an information security business case has been approved by senior management, it should be:

A.
used to design functional requirements for the solution.
B. used as the foundation for a risk assessment.
C. referenced to build architectural blueprints for the solution.
D. reviewed at key intervals to ensure intended outcomes.

Correct Answer: D