ISACA Exam Questions

The development of an IS security policy is ultimately the responsibility of the:

A. IS department.

B. security committee.

C. security administrator.

D. board of directors.

Explanation:

Normally, the designing of an information systems security policy is the responsibility of top
management or the board of directors. The IS department is responsible for the execution of the
policy, having no authority in framing the policy. The security committee also functions within the
broad security policy framed by the board of directors. The security administrator is responsible for
implementing, monitoring and enforcing the security rules that management has established and
authorized.