Which of the following is normally a responsibility of the chief security officer (CSO)?

A.
Periodically reviewing and evaluating the security policy

B.
Executing user application and software testing and evaluation

C.
Granting and revoking user access to IT resources

D.
Approving access to data and applications

Explanation:
The role of a chief security officer (CSO) is to ensure that the corporate security policy and controls are
adequate to prevent unauthorized access to the company assets, including data, programs and equipment.
User application and other software testing and evaluation normally are the responsibility of the staff assigned
to development and maintenance. Granting and revoking access to IT resources is usually a function of
network or database administrators. Approval of access to data and applications is the duty of the data owner.