CISM Certified Information Security Manager – Question0964

The return on investment of information security can BEST be evaluated through which of the following?

A.
Support of business objectives
B. Security metrics
C. Security deliverables
D. Process improvement models

Correct Answer: A

Explanation:

Explanation:
One way to determine the return on security investment is to illustrate how information security supports the achievement of business objectives. Security metrics measure improvement and effectiveness within the security practice but do not tie to business objectives. Similarly, listing deliverables and creating process improvement models does not necessarily tie into business objectives.