CISM Certified Information Security Manager – Question 1152

The management staff of an organization that does not have a dedicated security function decides to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager:

A. report risks in other departments.
B. obtain support from other departments.
C. report significant security risks.
D. have knowledge of security standards.

Correct Answer: C

Explanation:
The IT manager needs to report the security risks in the environment pursuant to the security review, including risks in the IT implementation. Choices A, B and D are important, but not the main responsibilities or job requirements.