To justify its ongoing security budget, which of the following would be of MOST use to the
information security’ department?
A.
Security breach frequency
B.
Annualized loss expectancy (ALE)
C.
Cost-benefit analysis
D.
Peer group comparison
Explanation:
Cost-benefit analysis is the legitimate way to justify budget. The frequency of security breaches
may assist the argument for budget but is not the key tool; it does not address the impact.
Annualized loss expectancy (ALE) does not address the potential benefit of security investment.Peer group comparison would provide a good estimate for the necessary security budget but it
would not take into account the specific needs of the organization.