You are working in an enterprise. Your enterprise owned various risks. Which among the following
is MOST likely to own the risk to an information system that supports a critical business process?
A.
System users
B.
Senior management
C.
IT director
D.
Risk management department
Explanation:
Senior management is responsible for the acceptance and mitigation of all risk. Hence they will
also own the risk to an information system that supports a critical business process.
Answer C is incorrect. The IT director manages the IT systems on behalf of the business owners.
Answer D is incorrect. The risk management department determines and reports on level of risk,
but does not own the risk. Risk is owned by senior management.
Answer A is incorrect. The system users are responsible for utilizing the system properly and
following procedures, but they do not own the risk.