Certified Information Security Manager (CISM) — Question 1215
Who is accountable for ensuring proper controls are in place to address the confidentiality and availability of an information system?
Answer options
- A. Information order
- B. Business manager
- C. Senior management
- D. Information security manager
Correct answer: C
Explanation
The correct answer is C, Senior management, which holds ultimate responsibility for the organization's overall security posture and for ensuring that proper controls are in place. While the Information security manager (D) plays a critical role in implementing these controls, it is senior management that ultimately oversees them and ensures their effectiveness. The other options, Information order (A) and Business manager (B), do not have the same level of accountability in this context.