CISA Certified Information Systems Auditor – Question0670

Which of the following findings should be of MOST concern to an IS auditor when evaluating information security governance within an organization?

A.
The data center manager has final sign-off on security projects.
B. The information security oversight committee meets quarterly.
C. The information security department has difficulty filling vacancies.
D. Information security policies were last updated two years ago.

Correct Answer: C