ITに関するI1Aガイダンスによると。情報セキュリティに関する次の活動のうち、経営陣、内部監査人、または取締役会ではなく、ライン管理者の責任である可能性が最も高いのはどれですか?
正解:A
* Understanding Information Security Responsibilities:
* Executive management sets the overall strategy and ensures resources are allocated for information security.
* Internal auditors provide independent assurance on security effectiveness.
* The board provides oversight and ensures that security risks are managed appropriately.
* Line management is responsible for day-to-day operations, including the review and monitoring of security controls to ensure compliance with security policies.
* Why Reviewing and Monitoring Security Controls is a Line Management Function:
* Line management directly oversees operational security measures, ensuring that established controls are functioning effectively.
* They address security gaps, enforce security policies, and report issues to senior management when necessary.
* This aligns with IIA Standard 2120 - Risk Management, which requires management to implement and monitor risk mitigation controls.
* Why Other Options Are Incorrect:
* B. Dedicate sufficient security resources: This is the responsibility of executive management, as they control resource allocation.
* C. Provide oversight to the security function: The board and executive management provide oversight, not line management.
* D. Assess information control environments: Internal auditors assess control environments, ensuring compliance and effectiveness.
* IIA Standards and References:
* IIA Standard 2110 - Governance: Emphasizes the board's role in overseeing security.
* IIA Standard 2120 - Risk Management: States that management must monitor security risks.
* IIA GTAG (Global Technology Audit Guide) on Information Security (2016): Outlines that line management is responsible for monitoring security controls on a daily basis.
Thus, the correct answer is A: Review and monitor security controls.