Certified Information Systems Security Professional (CISSP) — Question 304
A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?
Answer options
- A. System security officer
- B. System processor
- C. System custodian
- D. System analyst
Correct answer: C
Explanation
The correct answer is C, System custodian, as this role is responsible for the implementation and management of security measures on information systems, in line with policies set by higher authority like the CIO. The other options do not accurately reflect the role of overseeing the physical and technical aspects of system security that the IT head fulfills.