Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Isaca Exam CISM Topic 3 Question 92 Discussion

Actual exam question for Isaca's CISM exam
Question #: 92
Topic #: 3
[All CISM Questions]

Which of the following would be MOST important to include in a proposal justifying investments for an organization's information security program?

Show Suggested Answer Hide Answer
Suggested Answer: D

Comprehensive and Detailed Step-by-Step Explanation:

Justifying investments in information security requires aligning proposals with business objectives to gain management approval.

A . Vulnerability scan results: These provide technical insights but are insufficient for high-level justification.

B . Competitor benchmark analysis: While useful, this is less relevant than demonstrating direct alignment with organizational needs.

C . Previous security budget: Historical data may provide context but does not justify future needs.

D . Business requirements: This is the BEST answer because aligning security investments with business objectives demonstrates the value and necessity of the program to stakeholders.


by Isabella at Jan 28, 2025, 09:50 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tonette
4 months ago
D) Business requirements, for sure. Can't protect what you don't understand. Although, maybe throw in some cat pics to really seal the deal. Security folks love cats, right?
upvoted 0 times
Howard
3 months ago
D) Business requirements
upvoted 0 times
...
Lajuana
3 months ago
A) Vulnerability scan results
upvoted 0 times
...
...
Beth
4 months ago
I'm going with B) Competitor benchmark analysis. Gotta stay ahead of the competition, even in security!
upvoted 0 times
...
Peggie
4 months ago
I still think business requirements should take precedence, as they align the security investments with the organization's goals.
upvoted 0 times
...
Howard
4 months ago
That's a good point, Vicky. Vulnerability scan results can demonstrate the current risks and vulnerabilities.
upvoted 0 times
...
Kandis
4 months ago
I'd say A) Vulnerability scan results. Showing the actual risks you're facing is key to justifying the investment.
upvoted 0 times
...
Vicky
4 months ago
But wouldn't vulnerability scan results also be important to show the need for investment in security?
upvoted 0 times
...
Peggie
4 months ago
I agree with Howard, business requirements are crucial for justifying investments.
upvoted 0 times
...
Vanna
4 months ago
Definitely D) Business requirements. That's the foundation for any security program. Gotta know what you're protecting, right?
upvoted 0 times
Leanora
3 months ago
Definitely D) Business requirements. That's the foundation for any security program. Gotta know what you're protecting, right?
upvoted 0 times
...
Jani
3 months ago
D) Business requirements
upvoted 0 times
...
Yan
4 months ago
C) Previous security budget
upvoted 0 times
...
Kattie
4 months ago
B) Competitor benchmark analysis
upvoted 0 times
...
Salena
4 months ago
A) Vulnerability scan results
upvoted 0 times
...
...
Howard
5 months ago
I think the most important thing to include would be business requirements.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77