Who is at the BEST authority to develop the priorities and identify what risks and impacts would
occur if there were loss of the organization’s private information?
A.
External regulatory agencies
B.
Internal auditor
C.
Business process owners
D.
Security management
Explanation:
Business process owners are in best position to judge the risks and impact, as they are most
knowledgeable concerning their systems. Hence they are most suitable for developing and
identifying risks on business.
not understand the impact on business to the extent that business owners could. Hence business
owner is the best authority.