CISA Certified Information Systems Auditor – Question0784

Which of the following would provide the STRONGEST indication that senior management commitment to information security is lacking within an organization?

A.
Inconsistent enforcement of information security policies
B. A reduction in information security investment
C. A high of information security risk acceptance
D. The information security manager reports to the chief risk officer

Correct Answer: A