which mitigating controls should be implemented?

seenagapeApril 26, 2014

After completing a full IT risk assessment, who can BEST decide which mitigating controls should
be implemented?

PrepAway - Latest Free Exam Questions & Answers

A.
Senior management

B.
Business manager

C.
IT audit manager

D.
Information security officer (ISO)

Explanation:
The business manager will be in the best position, based on the risk assessment and mitigation
proposals. to decide which controls should/could be implemented, in line with the business
strategy and with budget. Senior management will have to ensure that the business manager has
a clear understanding of the risk assessed but in no case will be in a position to decide on specific
controls. The IT audit manager will take part in the process to identify threats and vulnerabilities,
and to make recommendations for mitigations. The information security officer (ISO) could make
some decisions regarding implementation of controls. However, the business manager will have a
broader business view and full control over the budget and, therefore, will be in a better position to
make strategic decisions.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISACA Exam Questions

Free ISACA Study Guide

which mitigating controls should be implemented?

Leave a Reply Cancel reply