
IIA-CIA-Part3 Exam - Question 91


Which of the following IT-related activities is most commonly performed by the second line of defense?

Correct Answer: D

In the context of IT-related activities, the second line of defense typically involves functions that provide oversight and support to the first line of defense, which is responsible for operational management. The second line of defense also ensures compliance with laws, regulations, and internal policies. Therefore, providing an independent assessment of IT security fits well into the responsibility of the second line of defense, as they are responsible for overseeing and ensuring that the first line of defense is performing their operational duties correctly and within the set standards. This independent assessment helps in understanding and managing risks, which is a critical role of the second line.

Discussion

4 comments
yomang Option: C
Jul 26, 2021

I believe it's C. Based on this ISACA article: https://www.isaca.org/resources/isaca-journal/issues/2018/volume-4/roles-of-three-lines-of-defense-for-information-security-and-governance. Although it doesn't specifically state it, it does say that the second line is in charge of evaluating the risk and compliance. Reviewing the disaster recovery results would be a step in the evaluation of the unit's risk and/or compliance with their disaster recovery plans. Also, I saw on another bank that is more accurate than examtopics that it was C as well.

StephanieJayne
Jul 30, 2021

Which bank was this, please?

Ren_92
Oct 2, 2021

The ACCA-CIA challenge by Pass4Success says C

Walewweeeed Option: C
Aug 28, 2021

C is correct based on cybersecurity GTAG

ciacandidate Option: C
Aug 8, 2023

It's C. D is performed by the 3rd line.

yomang Option: C
Jul 8, 2021

I would think D would be done by 3rd line of defense (internal audit) - BUT, A, B, C all seem to be done by 1st line. So I'm torn. C seems like the most possibly right answer because it's not implementing things like A and B are, but I just don't know. Anyone else have insight on this?