The management staff of an organization that does not have a dedicated security function decide to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager:
A.
report risks in other departments.
B.
obtain support from other departments.
C.
report significant security risks.
D.
have knowledge of security standards.
Explanation:
The IT manager needs to report the security risks in the environment pursuant to the security review, including risks in the IT implementation. Choices A, B and D are important, but not the main responsibilities or job requirements.