Information security projects should be prioritized on the basis of:
A.
time required for implementation.
B.
impact on the organization.
C.
total cost for implementation.
D.
mix of resources required.
Explanation:
Information security projects should be assessed on the basis of the positive impact that they will have on the organization. Time, cost and resource issues should be subordinate to this objective.