Which of the following BEST promotes stakeholder accountability in the management of information security risks?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The establishment of information ownership is the best answer to promoting stakeholder accountability in the management of information security risks.
Information ownership refers to the formal assignment of responsibility and accountability for the management of information within an organization. When information ownership is established, the individuals or groups responsible for particular information assets are identified, along with their specific roles and responsibilities in managing those assets. This promotes accountability and ensures that information security risks are managed effectively.
Establishing information ownership helps to ensure that stakeholders understand their roles and responsibilities in managing information security risks. It also provides a framework for accountability, so that if something goes wrong, it is clear who is responsible for addressing the issue. This can help to prevent blame-shifting and ensure that risks are managed effectively.
Targeted security procedures and the establishment of security baselines are important components of an effective information security management program, but they do not directly promote stakeholder accountability. Regular reviews for noncompliance can help to identify areas where stakeholders are not meeting their responsibilities, but they do not establish clear roles and responsibilities or provide a framework for accountability.
Therefore, the establishment of information ownership is the best answer to promoting stakeholder accountability in the management of information security risks.