nerdexam
(ISC)2

CISSP · Question #693

What does the result of Cost-Benefit Analysis (C8A) on new security initiatives provide?

The correct answer is A. Quantifiable justification. A Cost-Benefit Analysis (CBA) on security initiatives produces a quantifiable justification by comparing the monetary costs of implementation against the measurable benefits gained, enabling data-driven decision-making for security investments.

Submitted by kev92· Mar 5, 2026Security and Risk Management

Question

What does the result of Cost-Benefit Analysis (C8A) on new security initiatives provide?

Options

  • AQuantifiable justification
  • BBaseline improvement
  • CRisk evaluation
  • DFormalized acceptance

How the community answered

(39 responses)
  • A
    90% (35)
  • B
    8% (3)
  • D
    3% (1)

Why each option

A Cost-Benefit Analysis (CBA) on security initiatives produces a quantifiable justification by comparing the monetary costs of implementation against the measurable benefits gained, enabling data-driven decision-making for security investments.

AQuantifiable justificationCorrect

CBA produces quantifiable justification by translating security investments and their expected returns into measurable financial terms, allowing leadership to objectively evaluate whether a security initiative's benefits (e.g., risk reduction, loss avoidance) outweigh its costs. This numeric output serves as the formal, evidence-based rationale for approving or rejecting a security project.

BBaseline improvement

Baseline improvement refers to measuring changes in a security posture over time against a reference point, which is an outcome metric rather than the primary result of a CBA.

CRisk evaluation

Risk evaluation is a component of the broader risk management process (e.g., risk assessment or risk analysis) and, while it may inform a CBA, it is not the output that a CBA specifically produces.

DFormalized acceptance

Formalized acceptance refers to risk acceptance, a risk response strategy where an organization formally acknowledges and accepts a risk, which is a separate process from performing a cost-benefit analysis.

Concept tested: Cost-Benefit Analysis output for security initiatives

Source: https://csrc.nist.gov/glossary/term/cost_benefit_analysis

Topics

#cost-benefit analysis#security investment#justification

Community Discussion

No community discussion yet for this question.

Full CISSP Practice