Certified Information Security Manager (CISM) — Question 1179

Of the following, who should be assigned as the owner of a newly identified risk related to an organization's new payroll system?

Answer options

• A. Head of IT department
• B. Head of human resources (HR)
• C. Information security manager
• D. Data privacy officer

Correct answer: B

Explanation

The Head of human resources (HR) is the correct choice because they oversee payroll operations and employee-related processes, making them best suited to manage risks associated with the payroll system. The Head of IT, Information security manager, and Data privacy officer may be involved in technical aspects and compliance, but they do not have direct oversight of payroll functions.