In an organization, an Information Technology security function should:
A . Be a function within the information systems function of an organization.
B . Report directly to a specialized business unit such as legal, corporate security or insurance.
C . Be lead by a Chief Security Officer and report directly to the CE
E . Be independent but report to the Information Systems function.
Answer: C
Explanation: In order to offer more independence and get more attention from management, an IT security function should be independent from IT and report directly to the CEO. Having it report to a specialized business unit (e.g. legal) is not recommended as it promotes a low technology view of the function and leads people to believe that it is someone else’s problem. Source: HARE, Chris, Security management Practices CISSP Open Study Guide, version 1.0, april 1999.
Latest SSCP Dumps Valid Version with 1074 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund