From an information security manager perspective, what is the immediate benefit of clearlydefined roles and responsibilities?
A.
Enhanced policy compliance
B.
Improved procedure flows
C.
Segregation of duties
D.
Better accountability
Explanation:
Without well-defined roles and responsibilities, there cannot be accountability. Choice A is
incorrect because policy compliance requires adequately defined accountability first and therefore
is a byproduct. Choice B is incorrect because people can be assigned to execute procedures that
are not well designed. Choice C is incorrect because segregation of duties is not automatic, and
roles may still include conflicting duties.