Accountability for the maintenance of appropriate security measures over information assets resides
with the:
A.
security administrator.
B.
systems administrator.
C.
data and systems owners.
D.
systems operations group.
Explanation:
Management should ensure that all information assets (data and systems) have an appointed owner
who makes decisions about classification and access rights. System owners typically delegate day-today custodianship to the systems delivery/operations group and security responsibilities to a
security administrator. Owners, however, remain accountable for the maintenance of appropriate
security measures.