2 votes
Which of the following is an information security governance responsibility of the chief information security officer?

a. set security policy, procedures, programs, and training.
b. brief the board, customers, and the public.
c. implement incident response programs to detect security vulnerabilities and breaches.
d. develop policies and the program.

1 Answer

2 votes

Final answer:

The Chief Information Security Officer is charged with setting security policies, procedures, programs, and training, making option a the correct answer.

Step-by-step explanation:

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets are adequately protected. Among the responsibilities of a CISO are:

  • Setting security policies, procedures, programs, and training
  • Briefing the board, customers, and the public on security matters
  • Implementing incident response programs to detect security vulnerabilities and breaches
  • Developing security policies and programs

The accurate answer to your question is option a. A CISO is primarily responsible for setting security policy, procedures, programs, and training, which are vital elements of information security governance within an organization.

by User Shadowfirebird (8.2k points)