Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
While calculating precise ROI can be challenging for certain security initiatives, estimating the reduction in risk provides a qualitative measure of the initiative's potential impact. Highlighting the expected decrease in the likelihood and impact of security incidents, as well as the potential harm to the organization, can help justify the investment in information security.
Options A, B, and C are valuable considerations in a business case, but they may not capture the essence of the security initiative's impact as effectively as emphasizing the anticipated reduction in risk.
Business case is the key word here. Business case should contain risk tagged with the Business so that senior management makes appropriate decisions based on that.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Viperhunter
3 months, 3 weeks agorichck102
9 months, 3 weeks agoSSP_Secure
1 year, 2 months agomad68
1 year, 4 months ago