C. Assigning roles and responsibilities for owners, controllers, and custodians
Explanation:
One of the most critical elements of effective security governance is ensuring that clear roles and responsibilities are assigned to individuals or groups within the organization, such as owners, controllers, and custodians. These roles define who is responsible for the security of data, systems, and processes, ensuring accountability and alignment with security policies and practices.
Breakdown of the other options:
A. Discovering and documenting external considerations: While important for risk management, external considerations are secondary to defining internal roles and responsibilities in governance.
B. Developing procedures for employee onboarding and offboarding: This is essential for operational security but falls under procedural management rather than governance itself.
D. Defining and monitoring change management procedures: While important for maintaining security, this is a part of operational controls rather than the core structure of security governance.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
test_arrow
1 day, 14 hours ago