Systems Security Certified Practitioner – SSCP – Question0323
Who should DECIDE how a company should approach security and what security measures should be implemented? A. Senior management B. Data owner C. Auditor D. The information security specialist
Correct Answer: A
Explanation:
They are responsible for security of the organization and the protection of its assets. The following answers are incorrect because : Data owner is incorrect as data owners should not decide as to what security measures should be applied. Auditor is also incorrect as auditor cannot decide as to what security measures should be applied. The information security specialist is also incorrect as they may have the technical knowledge of how security measures should be implemented and configured , but they should not be in a position of deciding what measures should be applied.
Reference : Shon Harris AIO v3 , Chapter-3: Security Management Practices , Page : 51.
Please disable your adblocker or whitelist this site!