A security manager is preparing a report to obtain the commitment of executive management to a
security program. Inclusion of which of the following would be of MOST value?
A.
Examples of genuine incidents at similar organizations
B.
Statement of generally accepted best practices
C.
Associating realistic threats to corporate objectives
D.
Analysis of current technological exposures
Explanation:
Linking realistic threats to key business objectives will direct executive attention to them. All other
options are supportive but not of as great a value as choice C when trying to obtain the funds for a
new program.