Which of the following BEST describes an information security manager’s role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
A . Ensure that all IT risks are identified
B . Evaluate the impact of information security risks
C . Demonstrate that IT mitigating controls are in place
D . Suggest new IT controls to mitigate operational risk
Answer: B
Explanation:
The job of the information security officer on such a team is to assess the risks to the business operation. Choice A is incorrect because information security is not limited to IT issues. Choice C is incorrect because at the time a team is formed to assess risk, it is premature to assume that any demonstration of IT controls will mitigate business operations risk. Choice D is incorrect because it is premature at the time of the formation of the team to assume that any suggestion of new IT controls will mitigate business operational risk.