CISA Certified Information Systems Auditor – Question2736
The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.
Correct Answer: D
Explanation:
Explanation:
Normally, the designing of an information systems security policy is the responsibility of top management or the board of directors. The IS department is responsible for the execution of the policy, having no authority in framing the policy. The security committee also functions within the broad security policy framed by the board of directors. The security administrator is responsible for implementing, monitoring and enforcing the security rules that management has established and authorized.
Please disable your adblocker or whitelist this site!