Within the organizational environment, the security function should report to an organizational level
that

A.
Has information technology oversight.

B.
Has autonomy from other levels.

C.
Is an external operation.

D.
Provides the internal audit function.