The CoBIT framework is divided into four domains of knowledge; the text discussed three types of controls related to information security. Which of the following statements is most true?
A)In the "plan and organize" domain, systems designers should think about all three types of controls.
B)Only technical security controls are relevant in the "deliver and support" domain.
C)Administrative security controls are relevant only in the "plan and organize" domain.
D)No controls are necessary in the "monitor and evaluate" domain.

Question

Quizplus · Accepted Answer

The text states that in the "plan and organize" domain, all three types of controls (technical, administrative, and physical) should be considered by systems designers. Therefore, option A is the most true statement. Option B is incorrect because all three types of controls are relevant in all four domains, including "deliver and support". Option C is incorrect because administrative security controls are relevant in all four domains. Option D is incorrect because the "monitor and evaluate" domain involves monitoring the effectiveness of controls in all four domains, and making improvements if necessary.

The CoBIT Framework Is Divided into Four Domains of Knowledge;