CISA Certified Information Systems Auditor – Question1414

Accountability for the maintenance of appropriate security measures over information assets resides with the:

A.
security administrator.
B. systems administrator.
C. data and systems owners.
D. systems operations group.

Correct Answer: C

Explanation:

Explanation:
Management should ensure that all information assets (data and systems) have an appointed owner who makes decisions about classification and access rights. System owners typically delegate day-to-day custodianship to the systems delivery/operations group and security responsibilities to a security administrator. Owners, however, remain accountable for the maintenance of appropriate security measures.