Who is ultimately responsible for ensuring that information is categorized and that protective
measures are taken?
A.
Information security officer
B.
Security steering committee
C.
Data owner
D.
Data custodian
Explanation:
Routine administration of all aspects of security is delegated, but senior management must retain
overall responsibility. The information security officer supports and implements information
security for senior management. The data owner is responsible for categorizing data security
requirements. The data custodian supports and implements information security as directed.