CRISC Certified in Risk and Information Systems Control – Question848

An IT organization is replacing the customer relationship management (CRM) system. Who should own the risk associated with customer data leakage caused by insufficient IT security controls for the new system?

A.
Chief risk officer
B. IT controls manager
C. Chief information security officer
D. Business process owner

Correct Answer: D