Multiple Answer - Select all answers that apply. Timely detection and correction of problems is a key component of COBIT, however, many corrective controls must rely on human judgment. For this reason, the effectiveness of corrective controls depends on proper planning and preparation. Companies can designate a Chief Information Security Officer (CISO) to help address incidents and reduce response time. Which of the following statements are TRUE? The CISO should report to the Chief Information Officer (CIO). The CISO can help an organization build a well-trained incident response foam (CIAT) The CISO should work closely with the person in charge of physical security The CISO should remain independent of information systems functions and act as an impartial assessor of the IT environment