Who should be accountable for quantifying the business impact of a potential breach of a server containing retail transactions for the last year?

A. Information systems security officer
B. Head of retail
C. Chief risk officer
D. Chief information officer