When implementing security controls, an information security manager must PRIMARILY focus
on:
A.
minimizing operational impacts.
B.
eliminating all vulnerabilities.
C.
usage by similar organizations.
D.
certification from a third party.
Explanation:
Security controls must be compatible with business needs. It is not feasible to eliminate all
vulnerabilities. Usage by similar organizations does not guarantee that controls are adequate.
Certification by a third party is important, but not a primary concern.