An IT security team identified a significant weakness in the enterprise’s Internet-facing infrastructure. The exposure requires immediate corrective action that is both cost and resource intensive. Which of the following is the MAIN reason why accountability for this risk should be assigned to the board of directors?
A. The exploit can cause serious disruptions to the enterprise’s reputation and profitability.
B. The board should be aware of risks concerning organizational operations.
C. Risk ownership at the highest level will ensure risk awareness throughout the enterprise.
D. The IT organization cannot take ownership for self-identified risks concerning infrastructure security.
A. The exploit can cause serious disruptions to the enterprise’s reputation and profitability.
B. The board should be aware of risks concerning organizational operations.
C. Risk ownership at the highest level will ensure risk awareness throughout the enterprise.
D. The IT organization cannot take ownership for self-identified risks concerning infrastructure security.