Question 71
Main Page
The COO wants to delegate security functions to operations. What should the CISO emphasize in response?
A. Security is a purely technical function
B. Information security is a shared responsibility, but requires centralized governance
C. Operations has no stake in security
D. Only IT should manage access controls
Answer: B. Information security is a shared responsibility, but requires centralized governance
While many teams contribute, security governance must be coordinated centrally to maintain policy alignment and strategic oversight.