CISA Certified Information Systems Auditor – Question0970

Which of the following stakeholders should be PRIMARILY responsible for developing, implementing, and monitoring metrics for security activities?

A.
Chief technology officer
B. Security incident response team
C. Chief information security officer
D. IT steering committee

Correct Answer: C