Which of the following persons is responsible for testing and verifying whether the security policy is
properly implemented, and the derived security solutions are adequate or not?

A.
Data custodian

B.
Auditor

C.
User

D.
Data owner

Explanation:
An auditor is liable for testing and verifying whether the security policy is properly implemented, and
the derived security solutions are adequate or not. It is the responsibility of the auditor to generate
the compliance and effectiveness reports, which are reviewed by the senior management.
Answer option A is incorrect. The data custodian is responsible for the task of implementing the
prescribed protection defined by the security policy and upper management.
Answer option D is incorrect. The data owner is responsible for classifying information for placement
and protection within the security solution.
Answer option C is incorrect. The user can be any person who has access to the secured system.
Building an Information Security Awareness Program, Contents. “Working with the
Auditors for Fun and Pleasure”