Which of the following findings should be of MOST concern to an IS auditor when evaluating information security governance within an organization?
A. The data center manager has final sign-off on security projects.
B. The information security oversight committee meets quarterly.
C. The information security department has difficulty filling vacancies.
D. Information security policies were last updated two years ago.
A. The data center manager has final sign-off on security projects.
B. The information security oversight committee meets quarterly.
C. The information security department has difficulty filling vacancies.
D. Information security policies were last updated two years ago.