Who is responsible for providing these reports?

Senior management must receive reports on the effectiveness of security controls. Who is responsible for providing these reports?

A.
Information systems security professionals

B.
Data owners

C.
Data custodians

D.
Information systems auditors

Explanation:
Information systems auditors should conduct regular independent audits
and provide reports to the senior management on the effectiveness of the security
controls.