Learn how reducing residual risk effectively justifies continued investments in your information security program. Discover strategies for risk management and maximizing ROI.
Table of Contents
Question
Which of the following would BEST justify continued investment in an information security program?
A. Speed of implementation
B. Reduction in residual risk
C. Industry peer benchmarking
D. Security framework alignment
Answer
B. Reduction in residual risk
Explanation
Investing in an information security program aims to lower the organization’s overall risk exposure. Demonstrating a decrease in residual risk, which is the risk remaining after implementing controls, offers the most compelling evidence for the program’s effectiveness and justifies further investment.
Isaca Certified Information Security Manager CISM certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Security Manager CISM exam and earn Isaca Certified Information Security Manager CISM certification.