What would a security manager PRIMARILY utilize when proposing the implementation of a
security solution?
A.
Risk assessment report
B.
Technical evaluation report
C.
Business case
D.
Budgetary requirements
Explanation:
The information security manager needs to prioritize the controls based on risk management and
the requirements of the organization. The information security manager must look at the costs of
the various controls and compare them against the benefit the organization will receive from the
security solution. The information security manager needs to have knowledge of the development
of business cases to illustrate the costs and benefits of the various controls. All other choices are
supplemental.