Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?
A. Areas of highest risk may not be adequately prioritized for treatment
B. Redundant controls may be implemented across divisions
C. Information security governance could be decentralized by division
D. Return on investment may be inconsistently reported to senior management
A. Areas of highest risk may not be adequately prioritized for treatment
B. Redundant controls may be implemented across divisions
C. Information security governance could be decentralized by division
D. Return on investment may be inconsistently reported to senior management