Who should make decisions about how a company should approach security and what security measures should be implemented?
A.
Senior management
B.
Data owner
C.
Auditor
D.
Information security specialist
Explanation:
Information security specialists may have the technical knowledge of
how security mechanisms should be implemented and configured, but they should not be
put in position of deciding what measures should be applied. This task is better
assigned to senior management, who is responsible for security of the organization
and the protection of its assets.