CISM Certified Information Security Manager – Question0074

Who is ultimately responsible for the organization's information?

A. Data custodian
B. Chief information security officer (CISO)
C. Board of directors
D. Chief information officer (CIO)

Correct Answer: C

Explanation:
The board of directors is ultimately responsible for the organization’s information and is tasked with responding to issues that affect its protection. The data custodian is responsible for the maintenance and protection of data. This role is usually filled by the IT department. The chief information security officer (CISO) is responsible for security and carrying out senior management’s directives. The chief information officer (CIO) is responsible for information technology within the organization and is not ultimately responsible for the organization’s information.