Certified in the Governance of Enterprise IT (CGEIT) — Question 138
Who should be accountable for quantifying the business impact of a potential breach of a server containing retail transactions for the last year?
Answer options
- A. Information systems security officer
- B. Head of retail
- C. Chief risk officer
- D. Chief information officer
Correct answer: A
Explanation
The information systems security officer is the right choice because this role specializes in overseeing security measures and quantifying risks related to data breaches. The head of retail may not have the technical background to evaluate the breach's impact, while the chief risk officer and chief information officer focus on broader risk management and information technology strategy, respectively, rather than on directly assessing specific security incidents.