CISA Certified Information Systems Auditor – Question2767 - CISA Certified Information Systems Auditor

When an organization is outsourcing their information security function, which of the following should be kept in the organization?

A. Accountability for the corporate security policy
B. Defining the corporate security policy
C. Implementing the corporate security policy
D. Defining security procedures and guidelines

Correct Answer: A

Explanation:

Explanation:
Accountability cannot be transferred to external parties. Choices B, C and D can be performed by outside entities as long as accountability remains within the organization.