Who is responsible for providing reports to the senior management on the effectiveness of the security controls? A. Information systems security professionals B. Data owners C. Data custodians D. Information systems auditors
Correct Answer: D
Explanation:
IT auditors determine whether systems are in compliance with the security policies, procedures, standards, baselines, designs, architectures, management direction and other requirements” and “provide top company management with an independent view of the controls that have been designed and their effectiveness.”
“Information systems security professionals” is incorrect. Security professionals develop the security policies and supporting baselines, etc.
“Data owners” is incorrect. Data owners have overall responsibility for information assets and assign the appropriate classification for the asset as well as ensure that the asset is protected with the proper controls.
“Data custodians” is incorrect. Data custodians care for an information asset on behalf of the data owner.
References: CBK, pp. 38 -42. AIO3. pp. 99 -104
Please disable your adblocker or whitelist this site!