In an organization, an Information Technology security function should:
A. Be a function within the information systems functions of an organization
B. Report directly to a specialized business unit such as legal, corporate security or insurance
C. Be lead by a Chief Security Officer and report directly to the CEO
D. Be independent but report to the Information Systems function