The management staff of an organization that does not have a dedicated security function decides
to use its IT manager to perform a security review. The MAIN job requirement in this arrangement
is that the IT manager
A.
report risks in other departments.
B.
obtain support from other departments.
C.
report significant security risks.
D.
have knowledge of security standards.
Explanation:
The IT manager needs to report the security risks in the environment pursuant to the security
review, including risks in the IT implementation. Choices A, B and D are important, but not the
main responsibilities or job requirements.