Certified Information Security Manager (CISM) — Question 824
In response to recent ransomware threats, an organization deployed a new endpoint detection and response (EDR) solution in its employee laptops. Of the following, who should be accountable for reviewing the solution to verify it has been properly deployed and configured?
Answer options
- A. The security analyst
- B. The chief audit executive (CAE)
- C. The chief information security officer (CISO)
- D. The system administrator
Correct answer: C
Explanation
The chief information security officer (CISO) is ultimately responsible for the security posture of the organization, including the oversight of security solutions like EDR. While the other roles may contribute to the review process, they do not carry the same level of accountability for overall security strategy and compliance as the CISO.