What actions should the board take next?

Posted by: Pdfprep | Category: CISM

An organization’s board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information.

What actions should the board take next?
A. Direct information security on what they need to do
B. Research solutions to determine the proper solutions
C. Require management to report on compliance
D. Nothing; information security does not report to the board

Answer: C

Explanation:

Information security governance is the responsibility of the board of directors and executive management. In this instance, the appropriate action is to ensure that a plan is in place for implementation of needed safeguards and to require updates on that implementation.
