Which of the following is the PRIMARY responsibility of an organization’s information security function?

A. Reviewing unauthorized attempts to access sensitive files
B. Managing the organization’s security procedures
C. Approving access to data files
D. Installing network security programs