In an organization, an Information Technology security function should:

SSCP 0 Comments

In an organization, an Information Technology security function should:
A .  Be a function within the information systems function of an organization.
B .  Report directly to a specialized business unit such as legal, corporate security or insurance.
C .  Be lead by a Chief Security Officer and report directly to the CE
E .  Be independent but report to the Information Systems function.

Answer: C

Explanation: In order to offer more independence and get more attention from management, an IT security function should be independent from IT and report directly to the CEO. Having it report to a specialized business unit (e.g. legal) is not recommended as it promotes a low technology view of the function and leads people to believe that it is someone else’s problem. Source: HARE, Chris, Security management Practices CISSP Open Study Guide, version 1.0, april 1999.

Latest SSCP Dumps Valid Version with 1074 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SSCP PDF     SSCP Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments