Who is responsible for ensuring that information is categorized and that specific protective
measures are taken?
A.
The security officer
B.
Senior management
C.
The end user
D.
The custodian
Explanation:
Routine administration of all aspects of security is delegated, but top management must retain
overall responsibility. The security officer supports and implements information security for senior
management. The end user does not perform categorization. The custodian supports and
implements information security measures as directed.