CISM · Question #74

CISM Question #74: Real Exam Question with Answer & Explanation

The correct answer is A: The solution contributes to business strategy. To justify a new security solution investment to senior management, the best business case demonstrates that the solution directly contributes to the overall business strategy.

Submitted by asante_acc · Apr 18, 2026 · Information Security Governance

Question

Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?

Options

  • A. The solution contributes to business strategy.
  • B. The solution improves business risk tolerance levels.
  • C. The solution reduces the cost of noncompliance with regulations.
  • D. The solution improves business resiliency.

Explanation

To justify a new security solution investment to senior management, the best business case demonstrates that the solution directly contributes to the overall business strategy.

Common mistakes.

  • B. Improving business risk tolerance levels is an outcome of security, but linking the solution to the broader business strategy provides a more compelling and higher-level justification for senior management.
  • C. Reducing the cost of noncompliance with regulations is an important benefit, but it is often a tactical or operational justification, whereas contributing to overall business strategy is a higher-level, more impactful argument.
  • D. Improving business resiliency is a key benefit of security, but like risk tolerance and compliance, it's a specific aspect; contributing to the entire business strategy encompasses these benefits and presents a more comprehensive and strategic justification.

Concept tested. Justifying security investments

Topics

#Business alignment #Strategic investment #Business case #Senior management
