CISM Certified Information Security Manager – Question 1093

Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?

A. Information security officer
B. Security steering committee
C. Data owner
D. Data custodian

Correct Answer: B

Explanation:

Routine administration of all aspects of security is delegated, but senior management must retain overall responsibility. The information security officer supports and implements information security for senior management. The data owner is responsible for categorizing data security requirements. The data custodian supports and implements information security as directed.