nerdexam
(ISC)2

CISSP · Question #1012

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can

The correct answer is D. System custodian. The security role filled by the head of the IT department is the system custodian. A system custodian is a person who is responsible for the technical implementation and maintenance of the security controls and procedures for a system or a network, as delegated by the system owne

Submitted by ashley.k· Mar 5, 2026Security and Risk Management

Question

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?

Options

  • ASystem analyst
  • BSystem security officer
  • CSystem processor
  • DSystem custodian

How the community answered

(19 responses)
  • B
    5% (1)
  • C
    11% (2)
  • D
    84% (16)

Explanation

The security role filled by the head of the IT department is the system custodian. A system custodian is a person who is responsible for the technical implementation and maintenance of the security controls and procedures for a system or a network, as delegated by the system owner or the senior management. A system custodian performs tasks such as installing, configuring, updating, testing, monitoring, and troubleshooting the system or the network, and ensuring its compliance with the security policies and standards. A system custodian also reports and escalates any security incidents or issues to the system owner or the senior management.

Topics

#security roles#system owner#system custodian#delegation of authority

Community Discussion

No community discussion yet for this question.

Full CISSP Practice