CISM Certified Information Security Manager – Question0319

Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?

A. Senior management support
B. Results of a cost-benefit analysis
C. Results of a risk assessment
D. Impact on the risk profile

Correct Answer: D

Explanation:

The information security manager must understand the business risk profile of the organization. No model provides a complete picture, but logically categorizing the risk areas of an organization facilitates focusing on key risk management strategies and decisions. It also enables the organization to develop and implement risk treatment approaches that are relevant to the business and cost-effective.