CISA Certified Information Systems Auditor – Question0639

An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?

A.
Demonstrate alignment of the information security function with business needs.
B. Escalate noncompliance concerns to the internal audit manager.
C. Report the risk and status of the information security program to the board.
D. Revise the information security strategy to meet executive management’s expectations.

Correct Answer: A