39. An IT consultant has made the following statements about go pic's cyber security procedures:

Statement (1): The procedures should be followed only by senior management and staff within the IT function

Statement (2): To comply with relevant legislation, the procedures should protect the sensitive personal data that is held on Ugo plc's computerised systems.

Identify whether these statements are accurate or Inaccurate.

A. Statement (1) accurate; Statement (2) inaccurate

B. Statement (1) inaccurate; Statement (2) inaccurate

C. Statement (1) accurate; Statement (2) accurate

D. Statement (1) inaccurate; Statement (2) accurate

40. Timely plc is reviewing security in its information system and has identified a number of risks facing it. To improve risk management of the system the company has told is employees that any computer by

them will result in disciplinary action.

What aspect of risk management has Timely pic employed regarding information security?

A Risk transfer

B. Risk acceptance

C. Risk reduction

D. Risk avoidance