Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?

Which of the following factors is a PRIMARY driver for information security governance that does
not require any further justification?

Which of the following factors is a PRIMARY driver for information security governance that does
not require any further justification?

A.
Alignment with industry best practices

B.
Business continuity investment

C.
Business benefits

D.
Regulatory compliance

Explanation:

Regulatory compliance can be a standalone driver for an information security governance
measure. No further analysis nor justification is required since the entity has no choice in the
regulatory requirements. Buy-in from business managers must be obtained by the information
security manager when an information security governance measure is sought based on its
alignment with industry best practices. Business continuity investment needs to be justified by
business impact analysis. When an information security governance measure is sought based on
qualitative business benefits, further analysis is required to determine whether the benefits
outweigh the cost of the information security governance measure in question.



Leave a Reply 0

Your email address will not be published. Required fields are marked *