Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 120

According to The IIA's Three Lines Model, which of the following IT security activities is commonly shared by all three lines?

Answer options

• A. Assessments of third parties and suppliers.
• B. Recruitment and retention of certified IT talent.
• C. Classification of data and design of access privileges.
• D. Creation and maintenance of secure network and device configuration.

Correct answer: C

Explanation

The correct answer, C, refers to fundamental security practices that require input and cooperation from all three lines of defense, ensuring effective data management and access control. Options A and B are more specific to roles and responsibilities, while D focuses on a technical aspect that, while important, does not encompass the collaborative nature of the three lines as effectively as C.