CompTIA CySA+ (CS0-001) — Question 184

In the development stage of the incident response policy, the security analyst needs to determine the stakeholders for the policy. Who of the following would be the policy stakeholders?

Answer options

• A. Human resources, legal, public relations, management
• B. Chief Information Officer (CIO), Chief Executive Officer, board of directors, stockholders
• C. IT, human resources, security administrator, finance
• D. Public information officer, human resources, audit, customer service

Correct answer: B

Explanation

The correct answer is B because the Chief Information Officer, Chief Executive Officer, board of directors, and stockholders are key decision-makers and have a vested interest in the incident response policy. The other options contain roles that may have some involvement but do not represent the primary stakeholders who would influence or be affected by high-level policy decisions.