Once a year, a full evaluation is conducted to evaluate the effectiveness of existing security within a company. Controls are evaluated and a final report is created. Who handles this kind of activity?
A.
Data owner
B.
Systems expert
C.
Systems auditor
D.
Senior management
Explanation:
Systems auditors are responsible for providing continual feedback to senior
management on the overall effectiveness of security controls. This activity should
be part of their normal job duties.