Systems Security Certified Practitioner – SSCP – Question0261
Who is ultimately responsible for the security of computer based information systems within an organization? A. The tech support team B. The Operation Team. C. The management team. D. The training team.
Correct Answer: C
Explanation:
If there is no support by management to implement, execute, and enforce security policies and procedure, then they won’t work. Senior management must be involved in this because they have an obligation to the organization to protect the assests . The requirement here is for management to show “due diligence” in establishing an effective compliance, or security program.
The following answers are incorrect:
The tech support team. Is incorrect because the ultimate responsibility is with management for the security of computer-based information systems.
The Operation Team. Is incorrect because the ultimate responsibility is with management for the security of computer-based information systems.
The Training Team. Is incorrect because the ultimate responsibility is with management for the security of computer-based information systems.
Reference(s) used for this question: OIG CBK Information Security Management and Risk Management (page 20 -22)
Please disable your adblocker or whitelist this site!