An IT management group has developed a standardized security control checklist and distributed it to the control self-assessors in each organizational unit. Which of the following is the GREATEST risk in this approach?
A. Delayed feedback may increase exposures
B. Over time the checklist may become outdated
C. Assessors may manipulate the results
D. Business-specific vulnerabilities may be overlooked
A. Delayed feedback may increase exposures
B. Over time the checklist may become outdated
C. Assessors may manipulate the results
D. Business-specific vulnerabilities may be overlooked