An organization’s board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information.
What actions should the board take next?
A . Direct information security on what they need to do
B . Research solutions to determine the proper solutions
C . Require management to report on compliance
D . Nothing; information security does not report to the board
Answer: C
Explanation:
Information security governance is the responsibility of the board of directors and executive management. In this instance, the appropriate action is to ensure that a plan is in place for implementation of needed safeguards and to require updates on that implementation.