CRISC Certified in Risk and Information Systems Control – Question416

What should be PRIMARILY responsible for establishing an organization’s IT risk culture?

A. Risk management
B. IT management
C. Business process owner
D. Executive management