To justify its ongoing security budget, which of the following would be of MOST use to the information security’ department?
A . Security breach frequency
B . Annualized loss expectancy (ALE)
C . Cost-benefit analysis
D . Peer group comparison
Answer: C
Explanation:
Cost-benefit analysis is the legitimate way to justify budget. The frequency of security breaches may assist the argument for budget but is not the key tool; it does not address the impact. Annualized loss expectancy (ALE) does not address the potential benefit of security investment. Peer group comparison would provide a good estimate for the necessary security budget but it would not take into account the specific needs of the organization.