ISACA CISM: Justify Information Security Investments for Residual Risk Reduction

Learn how reducing residual risk effectively justifies continued investments in your information security program. Discover strategies for risk management and maximizing ROI.

Question

Which of the following would BEST justify continued investment in an information security program?

A. Speed of implementation
B. Reduction in residual risk
C. Industry peer benchmarking
D. Security framework alignment

Answer

B. Reduction in residual risk

Explanation

The purpose of investing in an information security program is to lower the organization’s overall risk exposure. Residual risk is the risk that remains after controls have been implemented, so a demonstrated decrease in residual risk is the most direct evidence that the program is working and the strongest justification for continued investment. Speed of implementation, peer benchmarking, and framework alignment describe how the program is delivered or compared, not whether it has actually reduced the organization’s risk.

ISACA Certified Information Security Manager (CISM) certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free, to help you pass the ISACA CISM exam and earn the CISM certification.