I consider as better suited is C. Control owner. The control owner is the person responsible for the implementation, and ongoing operation of a specific control.
Regarding D. Process owner. yes they’re responsible for business processes. If a control impacts their process, they might be involved, but changing the control is still up to the control owner.
I feel like the "suggested correct" answer options of the very last questions of this question pool are not very good. The process owner should decide whether to change controls as he is accountable to security
C-he control owner oversees the implementation, monitoring, and adjustment of controls to address identified risks. They ensure that controls remain effective and aligned with risk management objectives
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
SHERLOCKAWS
2 days, 11 hours agoJosef4CISM
2 months, 1 week agoBooict
8 months, 2 weeks agoBl1024
7 months, 3 weeks agofac161f
7 months ago