Question 67
A new CISO joins a manufacturing firm and discovers that only IT owns and manages risks. What is a major concern with this setup?
A. IT controls will be too advanced
B. Risks outside IT are likely unaddressed
C. The helpdesk won't be consulted
D. Patch management will be delayed
Answer: B. Risks outside IT are likely unaddressed
When only IT owns risks, non-technical risks in business processes or third-party arrangements are neglected.