What are the four areas into which it is recommended to separate the functions of security?
What will be an ideal response?
Functions performed by nontechnology business units outside the IT area of managementcontrolFunctions performed by IT groups outside the InfoSec area of management controlFunctions performed within the InfoSec department as a customer service to the organizationand its external partnersFunctions performed within the InfoSec department as a compliance enforcement obligation
You might also like to view...
Users can apply sorts to report fields
Indicate whether the statement is true or false
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
A. cost analysis B. cost-benefit analysis C. benefit analysis D. none of the above