"Accountability for Risk in IT Infrastructure: Role of Board of Directors"

"The Importance of Board Accountability for IT Infrastructure Risk"

Question

An IT security team identified a significant weakness in the enterprise's Internet-facing infrastructure.

The exposure requires immediate corrective action that is both cost and resource intensive.

Which of the following is the MAIN reason why accountability for this risk should be assigned to the board of directors?

Answers

C.

Explanations

The correct answer is C: Risk ownership at the highest level will ensure risk awareness throughout the enterprise.

Assigning accountability for the risk to the board of directors has several benefits. First, the board is responsible for overseeing the enterprise's overall strategic direction, and IT security is a critical aspect of an enterprise's operations. As such, the board needs to be aware of significant risks to the organization's operations, including those related to IT security.

Second, assigning accountability for the risk to the board ensures that risk awareness permeates the enterprise. When the board is accountable for a risk, it sends a message to the rest of the organization that the risk is significant and must be addressed promptly. This helps to create a risk-aware culture within the enterprise, where everyone is cognizant of the potential risks that may arise.

Third, assigning accountability for the risk to the board ensures that the enterprise takes a holistic approach to managing the risk. The board has a bird's-eye view of the enterprise and can ensure that the IT security team's remediation efforts align with the enterprise's overall strategic goals and objectives. Additionally, the board can ensure that the resources necessary to address the risk are made available.

While option A is also a valid reason to assign accountability for the risk to the board, it is not the main reason. Option B is too broad and does not provide a specific reason for assigning accountability for the risk to the board. Option D is incorrect because, although the IT organization can take ownership of self-identified risks, ultimate accountability should rest with the board to ensure that the risk is addressed in a manner that aligns with the enterprise's overall goals and objectives.