To justify its ongoing security budget, which of the following would be of MOST use to the information security’ department?

To justify its ongoing security budget, which of the following would be of MOST use to the information security’ department?
A . Security breach frequency
B . Annualized loss expectancy (ALE)
C . Cost-benefit analysis
D . Peer group comparison

View Answer

Answer: C

Explanation:

Cost-benefit analysis is the legitimate way to justify budget. The frequency of security breaches may assist the argument for budget but is not the key tool; it does not address the impact. Annualized loss expectancy (ALE) does not address the potential benefit of security investment. Peer group comparison would provide a good estimate for the necessary security budget but it would not take into account the specific needs of the organization.