PdfPrep.com

Which of the following roles would represent a conflict of interest for an information security manager?

Which of the following roles would represent a conflict of interest for an information security manager?
A . Evaluation of third parties requesting connectivity
B . Assessment of the adequacy of disaster recovery plans
C . Final approval of information security policies
D . Monitoring adherence to physical security controls

Answer: C

Explanation:

Since management is ultimately responsible for information security, it should approve information security policy statements; the information security manager should not have final approval. Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring of compliance with physical security controls are acceptable practices and do not present any conflicts of interest.

Exit mobile version