A multinational corporation is implementing an information security governance framework. The board has requested a mechanism to ensure that security investments align with business objectives. Which of the following is the BEST approach to achieve this alignment?
- A
Minimize security spending to maximize ROI.
Why wrong: Cost reduction may compromise necessary security controls.
- B
Adopt a best-practice framework such as NIST CSF and implement all controls.
Why wrong: Implementing every control regardless of risk is not alignment; a framework is a starting point that must still be tailored to the organization's specific business needs and risk tolerance.
- C
Focus on regulatory compliance to ensure legal requirements are met.
Why wrong: Compliance is necessary but insufficient for full alignment with business objectives.
- D
Develop a risk-based prioritization framework linking security initiatives to business risk appetite.
Why correct: Investments are prioritized by the business risk they reduce, measured against the risk appetite the board has set, so security spending is tied directly to business objectives through risk management rather than to cost targets, a generic control catalog, or compliance alone.