Which of the following is normally a responsibility of the chief security officer (CSO)?

A.
Periodically reviewing and evaluating the security policy

B.
Executing user application and software testing and evaluation

C.
Granting and revoking user access to IT resources

D.
Approving access to data and applications

Explanation:
The role of a chief security officer (CSO) is to ensure that the corporate security policy and controls
are adequate to prevent unauthorized access to the company assets, including data, programs and
equipment. User application and other software testing and evaluation normally are the
responsibility of the staff assigned to development and maintenance. Granting and revoking access
to IT resources is usually a function of network or database administrators. Approval of access to
data and applications is the duty of the data owner.