Certified in Risk and Information Systems Control (CRISC) — Question 762

Which of the following is the STRONGEST indication an organization has ethics management issues?

Answer options

• A. Employees face sanctions for not signing the organization's acceptable use policy.
• B. The organization has only two lines of defense.
• C. Internal IT auditors report to the chief information security officer (CISO).
• D. Employees do not report IT risk issues for fear of consequences.

Correct answer: D

Explanation

Option D is the strongest indication of ethics management issues, as it suggests a fear-based culture that discourages transparency and reporting. Options A, B, and C may indicate structural or procedural issues, but they do not directly reflect an ethical concern regarding employee behavior and reporting mechanisms.