C. Senior management
Senior management is ultimately accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system. While the Information Security Manager plays a crucial role in implementing and managing these controls, the responsibility for overall governance and accountability rests with senior management within an organization. Senior management sets the strategic direction and policies for information security, allocates resources, and is responsible for making sure that the necessary measures are in place to protect the confidentiality and availability of information systems.
Ultimately accountable is much different from accountable...ultimately accountable is the highest level of accountability. Information owner and business owners are delegated accountability. I would agree with A. Information owner.
C. Senior management
Senior management is ultimately accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system. While the Information Security Manager plays a crucial role in implementing and managing these controls, the responsibility for overall governance and accountability rests with senior management within an organization. Senior management sets the strategic direction and policies for information security, allocates resources, and is responsible for making sure that the necessary measures are in place to protect the confidentiality and availability of information systems.
The answer is C.
If your system compromised due to lack of security controls and launched a counter attack against another company's system, who will be ultimately accountability over this? It has to be Senior Management.
C. Senior management
I based the answer on the keyword "accountable."
Senior management holds the ultimate accountability for ensuring proper controls are in place to address the confidentiality and availability of an information system. They are responsible for setting the strategic direction of the organization, defining policies and objectives, allocating resources, and making decisions regarding risk management and control implementation. It is their role to provide oversight and governance to ensure that the necessary controls are established, maintained, and continuously improved to protect the organization's information assets. The information security manager, business managers, and other stakeholders play important roles in implementing and supporting these controls, but ultimate accountability lies with senior management.
I did get thrown off by "information order" but like one the below comments says, if it's a typo and it means Information Owner then this definitely is the right answer.
The respective owners are always accountable. ISM is a information custodian not the information owner.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
EZPASS
Highly Voted 2 years agoWladysk
Highly Voted 1 year, 9 months agoyottabyte
Most Recent 8 months agoyottabyte
8 months agooluchecpoint
9 months, 2 weeks agoe891cd1
4 months, 2 weeks agoRaven89
2 weeks, 6 days agoManix
9 months, 3 weeks agooluchecpoint
1 year, 2 months agoAgamennore
1 year, 2 months agoAkam
1 year, 3 months agoGoseu
1 year, 4 months ago[Removed]
1 year, 4 months agorichck102
1 year, 4 months agomad68
1 year, 6 months agoDravidian
1 year, 6 months agoZiggybooboo
2 years agok4d4v4r
2 years, 1 month ago