Which of the following is the MOST appropriate individual to implement and maintain the level of
information security needed for a specific business application?
A.
System analyst
B.
Quality control manager
C.
Process owner
D.
Information security manager
Explanation:
Process owners implement information protection controls as determined by the business’ needs.
Process owners have the most knowledge about security requirements for the business
application for which they are responsible. The system analyst, quality control manager, and
information security manager do not possess the necessary knowledge or authority to implement
and maintain the appropriate level of business security.