The business stakeholder accountable for the integrity of a new information system is typically the Chief Information Security Officer (CISO). The CISO is responsible for ensuring that the information security measures, including controls and processes, are adequately implemented to protect the integrity, confidentiality, and availability of the system. This includes overseeing the development, implementation, and maintenance of security policies and procedures, conducting risk assessments, and ensuring compliance with relevant standards and regulations.
According to NIST Special Publication 800-53, the CISO plays a crucial role in managing the security and privacy controls for information systems and ensuring these controls are effective throughout the system development life cycle. The CISO's responsibilities encompass the establishment and maintenance of an organization's overall security posture, which directly includes the integrity of new information systems.
I would have thought the system owner would be accountable. The CISO's role is to advise the business owner, but the business owners are accountable for taking the action to protect the system, and it is their choice to release it.
upvoted 2 times
johndoe69
5 months, 3 weeks ago
Kentish
1 year, 7 months ago