CISM Certified Information Security Manager – Question0888

Which of the following would be the information security manager’s BEST course of action to gain approval for investment in a technical control?

A.
Perform a cost-benefit analysis.
B. Conduct a risk assessment.
C. Calculate the exposure factor.
D. Conduct a business impact analysis (BIA).

Correct Answer: D