Investment in security technology and processes should be based on:
A.
clear alignment with the goals and objectives of the organization.
B.
success cases that have been experienced in previous projects.
C.
best business practices.
D.
safeguards that are inherent in existing technology.
Explanation:
Organization maturity level for the protection of information is a clear alignment with goals and
objectives of the organization. Experience in previous projects is dependent upon other business
models which may not be applicable to the current model. Best business practices may not be
applicable to the organization’s business needs. Safeguards inherent to existing technology are
low cost but may not address all business needs and/or goals of the organization.