Question


Of the following, who should have PRIMARY responsibility for assessing the security risk associated with an outsourced cloud provider contract?

A. Information security manager

B. Compliance manager

C. Chief information officer

D. Service delivery manager

Correct Answer: A? or C? or D?

______________________

Note

■ Some websites claim that the correct answer is "D" ("Service delivery manager").

■ Other websites claim that the correct answer is "C" ("Chief information officer"). I also found this article on the web: "It is the responsibility of the Vendor Risk Management Group to update, review and maintain this policy. The Vendor Risk Management Group consists of the Chief Information Officer, the Chief Financial Officer and the Chief Risk Officer" (https://www.audit.nsw.gov.au/sites/default/files/auditoffice/Governance-and-Policies---Current/Third-Party-Security-Policy.pdf). SO THIS ANSWER COULD BE OK…..

■ To be honest I replied with "A" ("Information security manager")

■ What do you think about that?

Solutions

Expert Solution

Ans- A. Information security manager

It's clearly the information security manager, because it is the information security manager who is responsible for protecting the organisation's computer network and data against security breaches, all types of viruses, hacker attacks, and things associated with these.

It's the information security manager's primary responsibility. The other options given have a different primary responsibility than assessing the security risk.

The service delivery manager has responsibility for the delivery of service and for the performance and quality of the services; it doesn't include assessing security risks.

The chief information officer is responsible for management and implementation. It is also responsible for the computer technologies companies are using.

Though some new responsibilities are given to the chief information officer, the primary responsibility for assessing security risk is given to the information security manager.

I hope it is clear.

If you have any doubt, you can comment.

Like if you got your answer.

