Certified Information Security Manager (CISM) — Question 159

Which of the following roles is accountable for ensuring the impact of a new regulatory framework on a business system is assessed?

Answer options

• A. Senior management
• B. Application owner
• C. Legal representative
• D. Information security manager

Correct answer: A

Explanation

Senior management is accountable for overseeing the overall impact of regulatory changes on the business, ensuring that assessments are made in line with strategic goals. The Application owner, Legal representative, and Information security manager may provide input, but they do not have the overarching responsibility for the assessment as senior management does.