Certified Information Systems Auditor (CISA) — Question 862
For effective IT governance, it is MOST important to have an independent reporting line for which of the following IT functions?
Answer options
- A. Risk management
- B. Infrastructure
- C. Operations
- D. Security
Correct answer: D
Explanation
Having an independent reporting line for Security is crucial because it ensures that security concerns are addressed without conflicts of interest that may arise from other IT functions. Risk management, Infrastructure, and Operations, while important, do not require the same level of independence to effectively manage security risks.