PrepAway - Latest Free Exam Questions & Answers

Who is responsible for initiating corrective measures and capabilities used when there are security violations?

A. Information systems auditor

B. Security administrator

C. Management

D. Data owners

Explanation:
Management is responsible for initiating corrective measures and capabilities used when there are security
violations.
Incorrect Answers:
A: The information systems auditor ensures that the correct controls are in place and are being maintained
securely. The information systems auditor is not responsible for initiating corrective measures and capabilities
used when there are security violations.
B: The security administrator is responsible for implementing and maintaining specific security network devices
and software in the enterprise. These controls commonly include firewalls, IDS, IPS, antimalware, security
proxies, data loss prevention, etc. The security administrator is not responsible for initiating corrective
measures and capabilities used when there are security violations.
D: The data owner decides upon the classification of the data she is responsible for. The data owner is also
responsible for ensuring that the necessary security controls are in place, defining security requirements per
classification and backup requirements, approving any disclosure activities, ensuring that proper access rights
are being used, and defining user access criteria. The data owner is not responsible for initiating corrective
measures and capabilities used when there are security violations.

https://quizlet.com/31878633/cissp-domain-1-information-security-governance-and-risk-management-flashcards/
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 121-125

