The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?
A. The strategy does not include a cost-benefit analysis.
B. The CISO reports to the CIO.
C. There was a lack of engagement with the business during development.
D. The strategy does not comply with security standards.
A. The strategy does not include a cost-benefit analysis.
B. The CISO reports to the CIO.
C. There was a lack of engagement with the business during development.
D. The strategy does not comply with security standards.