Certified Information Security Manager (CISM) — Question 350

Which of the following is BEST suited to provide regular reporting to the board regarding the status of compliance to a global security standard?

Answer options

• A. Legal counsel
• B. Quality assurance (QA)
• C. Information security
• D. Internal audit

Correct answer: D

Explanation

The Internal audit function is specifically designed to assess compliance and provide objective reporting to the board. Legal counsel, Quality assurance, and Information security may not have the same level of focus on compliance reporting or may prioritize other aspects of their roles.