Senior management commitment and support for information security can BEST be obtained
through presentations that:
A.
use illustrative examples of successful attacks.
B.
explain the technical risks to the organization.
C.
evaluate the organization against best security practices.
D.
tie security risks to key business objectives.
Explanation:
Senior management seeks to understand the business justification for investing in security. This
can best be accomplished by tying security to key business objectives. Senior management will
not be as interested in technical risks or examples of successful attacks if they are not tied to the
impact on business environment and objectives. Industry best practices are important to senior
management but, again, senior management will give them the right level of importance when they
are presented in terms of key business objectives.