What are the advantages and disadvantages of having the person responsible for information security report directly to the chief information officer (CIO), who has overall responsibility for all aspects of the organization's information systems?
What will be an ideal response?
It is important for the person responsible for security (the CISO) to report to senior management. Having the person responsible for information security report to a member of the executive committee, such as the CIO, formalizes information security as a top management issue.
One potential disadvantage is that the CIO may not always react favorably to reports indicating that shortcuts have been taken with regard to security, especially in situations where following the recommendations for increased security spending could result in failure to meet budgeted goals. Therefore, just as the effectiveness of the internal audit function is improved by having it report to someone other than the CFO, the security function may also be more effective if it reports to someone who does not have responsibility for information systems operations.