b) Security requirements Security requirements are the outputs of the risk management activity. Inputs to the risk management and information security strategy include business strategy, business processes, risk assessments, business input analysis, information resources, and regulatory requirements. Solution b) Security requirements Security requirements are the outputs of the risk management activity. Inputs to the risk management and information security strategy include business strategy, business processes, risk assessments, business input analysis, information resources, and regulatory requirements..