Question

Which of the following is not one of the approaches used to achieve the management of an IT control framework?

A. Information Systems Audit and Control Association control objectives for IT
B. The International Organization for Standardization 17799, Code of Practice for Information Security Management
C. The Information Technology Infrastructure Library
D. Sarbanes-Oxley Act section on IT Controls

Answer 1

Option D, the Sarbanes-Oxley Act section on IT Controls, is not an approach but a regulation that enforces management of an IT control framework, making it the correct answer.

Step-by-step explanation:

The question is asking which option is not an approach used to manage an IT control framework. The options A, B, and C: Information Systems Audit and Control Association control objectives for IT (COBIT), The International Organization for Standardization ISO/IEC 27002 (formerly 17799), and The Information Technology Infrastructure Library (ITIL), are all established frameworks or standards that are used to guide the management of IT control environments.

Option D, the Sarbanes-Oxley Act section on IT Controls, is a regulation that mandates companies to follow certain practices, which could include the adoption of control frameworks like COBIT but is itself not a control framework. Therefore, option D is the correct answer as it is not an approach but a regulation that enforces the management of an IT control framework.