The return on investment of information security can BEST be evaluated through which of the
following?
A.
Support of business objectives
B.
Security metrics
C.
Security deliverables
D.
Process improvement models
Explanation:
One way to determine the return on security investment is to illustrate how information security
supports the achievement of business objectives. Security metrics measure improvement and
effectiveness within the security practice but do not tie to business objectives. Similarly, listing
deliverables and creating process improvement models does not necessarily tie into business
objectives.