Developing a successful business case for the acquisition of information security software
products can BEST be assisted by:
A.
assessing the frequency of incidents.
B.
quantifying the cost of control failures.
C.
calculating return on investment (ROD projections.
D.
comparing spending against similar organizations.
Explanation:
Calculating the return on investment (ROD will most closely align security with the impact on the
bottom line. Frequency and cost of incidents are factors that go into determining the impact on the
business but, by themselves, are insufficient. Comparing spending against similar organizations
can be problematic since similar organizations may have different business goals and appetites for
risk.