Question 10
Which of the following roles would represent a conflict of interest for an information security manager?
A. Evaluation of third parties requesting connectivity
B. Assessment of the adequacy of disaster recovery plans
C. Final approval of information security policies
D. Monitoring adherence to physical security controls
Correct answer: C
Explanation:
Since management is ultimately responsible for information security, it should approve information security policy statements; the information security manager should not have final approval. Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring of compliance with physical security controls are acceptable practices and do not present any conflicts of interest.