Certified Information Security Manager (CISM) — Question 1090

An organization has implemented a new email filter to mitigate risk associated with its email system. Who is BEST suited to be the control owner?

Answer options

• A. Head of IT department
• B. Head of compliance
• C. Head of corporate communications
• D. Head of information security

Correct answer: D

Explanation

The Head of Information Security is the most suitable control owner for the email filter, as they are responsible for protecting the organization's information assets. The other roles, while important, do not have the same level of focus on security measures related to email systems.