A system cannot be made secure by the effort of a single information system manager. If this statement is true, then explain about the roles of all other stakeholders to secure the system.

A Management Information System ICT Revision Questions and Answers

Yes, it is true that an information system cannot be secured by the sole effort of the system administrator or manager. Each and every stakeholders of the system has equal responsibilities and duties regarding the security of the system. So, it is imperative that individual roles, responsibilities and authority are clearly communicated and understood by all. The duties and responsibilities of stakeholders are specified as:
• Executive manager: Assigned overall responsibility for the security of information

• Information systems security professional: responsible for the design, implantation management and review of the organization security policy, standards measure practices and procedures

• Data Owners: responsible for determining sensitivity or classification levels of the data as well as maintaining accuracy and integrity of the data resident on the information system.

• Process Owners: responsible for ensuring that appropriate security, consistent with the organizations security policy, is embedded in their information systems.

• Technology providers: responsible for assisting with the implementation of information security

• Users: Responsible for following the procedures set out in the organization’s security policy

Information system auditors: responsible for providing independent assurance to management on the appropriateness of the security objectives and on whether the security policy, standards, practices and procedures are appropriate and comply with the organizations security objectives.

Leave a Reply

Your email address will not be published. Required fields are marked *