Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

A.
Data owner

B.
Data custodian

C.
User

D.
Auditor

Explanation:

An auditor is liable for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not. It is the responsibility of the auditor to generate the compliance and effectiveness reports, which are reviewed by the senior management. Answer option B is incorrect. The data custodian is responsible for the task of implementing the prescribed protection defined by the security policy and upper management. Answer option A is incorrect. The data owner is responsible for classifying information for placement and protection within the security solution.
Answer option C is incorrect. The user can be any person who has access to the secured system. Reference: Building an Information Security Awareness Program, Contents. "Working with the Auditors for Fun and Pleasure"