CISM Certified Information Security Manager – Question0054

Which of the following is responsible for legal and regulatory liability?

A. Chief security officer (CSO)
B. Chief legal counsel (CLC)
C. Board and senior management
D. Information security steering group

Correct Answer: C

Explanation: The board of directors and senior management are ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.