Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The system and information owners are responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of the IT systems and data they own.
IT security practitioners are responsible for proper implementation of security requirements in their IT systems.
Source: STONEBURNER, Gary et al., NIST Special publication 800-30, Risk management Guide for Information Technology Systems, 2001 (page 6).
The responsibility of ensuring that proper controls are in place to address the integrity, confidentiality, and availability of IT systems and data falls under the domain of information security management. Therefore, the answer to this question is option B: IT Security practitioners.
IT Security practitioners are responsible for developing and implementing security controls to protect IT systems and data from unauthorized access, theft, or damage. They work with various stakeholders, including business and functional managers, system and information owners, and the Chief Information Officer (CIO) to identify and assess risks to IT systems and data and determine appropriate controls to mitigate those risks.
Business and functional managers are responsible for defining business requirements and ensuring that IT systems and data support those requirements. They work with IT Security practitioners to ensure that security controls do not interfere with business operations.
System and information owners are responsible for the security and proper management of IT systems and data. They work with IT Security practitioners to ensure that security controls are properly implemented and monitored.
The Chief Information Officer (CIO) is responsible for the overall management of IT systems and data, including security. They work with IT Security practitioners to ensure that security controls align with business objectives and comply with relevant regulations and standards.
In summary, while all the stakeholders mentioned in the options have a role to play in ensuring the security of IT systems and data, the primary responsibility for ensuring that proper controls are in place falls on IT Security practitioners.