Answer:
True
Step-by-step explanation:
Part of the role of an Information Security Officer (ISO) is monitoring network usage to ensure compliance with security policies and collaborating with management and the IT department to improve security.
This means that he must keep the organization informed about the shortfalls of the security system while the organization is still adapting to it.
Residual risk arises if the system is not 100% secure. It is the amount of risk that usually remains after implementing a security system. If a system is 99% secure, that means that it is 1% vulnerable, and that is the residual risk.
It is the job of the ISO to inform the company about any residual risk in a security policy or come up with measures aimed at mitigating it.
This makes the correct option True.