The development of an IS security policy is ultimately the responsibility of the:

A.
IS department.

B.
security committee.

C.
security administrator.

D.
board of directors.

Explanation:
Normally, the designing of an information systems security policy is the responsibility of top management or the
board of directors. The IS department is responsible for the execution of the policy, having no authority in
framing the policy. The security committee also functions within the broad security policy framed by the board of
directors. The security administrator is responsible for implementing, monitoring and enforcing the security
rules that management has established and authorized.