Which of the following is the PRIMARY responsibility of the board of directors regarding information security governance?
- A: Performing technical vulnerability assessments
  Why wrong: This is a technical task assigned to security engineers or analysts.
- B: Approving specific security tools and technologies
  Why wrong: This is an operational decision typically delegated to management.
- C: Conducting daily security monitoring activities
  Why wrong: This is a tactical function performed by security operations teams.
- D: Setting the strategic direction and oversight of the security programme
  The board provides strategic direction and oversight, ensuring alignment with business goals.