Who is ultimately responsible for the organization’s information?
A.
Data custodian
B.
Chief information security officer (CISO)
C.
Board of directors
D.
Chief information officer (CIO)
Explanation:
The board of directors is ultimately responsible for the organization’s information and is tasked
with responding to issues that affect its protection. The data custodian is responsible for the
maintenance and protection of data. This role is usually filled by the IT department. The chief
information security officer (CISO) is responsible for security and carrying out senior
management’s directives. The chief information officer (CIO) is responsible for information
technology within the organization and is not ultimately responsible for the organization’s
information.