Certified Information Systems Auditor (CISA) — Question 65

An information systems security officer's PRIMARY responsibility for business process applications is to:

Answer options

• A. create role-based rules for each business process.
• B. approve the organization's security policy.
• C. ensure access rules agree with policies.
• D. authorize secured emergency access.

Correct answer: C

Explanation

The primary duty of the information systems security officer is to ensure that access rules are consistent with the organization's policies, as this helps maintain security and compliance. While creating role-based rules, approving security policies, and authorizing emergency access are important tasks, they are not the primary focus of the officer's responsibilities.