(ISC)2

SSCP · Question #347

SSCP Question #347: Real Exam Question with Answer & Explanation

The correct answer is C: The systems auditor.

Submitted by tunde_lagos · Apr 18, 2026 · Risk Identification, Monitoring and Analysis

Question

Who should measure the effectiveness of Information System security related controls in an organization?

Options

  • A. The local security specialist
  • B. The business manager
  • C. The systems auditor
  • D. The central security manager

Explanation

It is the systems auditor that should lead the effort to ensure that the security controls are in place and effective. The audit would verify that the controls comply with policies, procedures, laws, and regulations where applicable. The findings would be provided to senior management.

The following answers are incorrect:

  • The local security specialist is incorrect because an independent review should take place by a third party. The security specialist might offer mitigation strategies, but it is the auditor that would ensure the effectiveness of the controls.
  • The business manager is incorrect because the business manager would be responsible for ensuring that the controls are in place, but it is the auditor that would ensure the effectiveness of the controls.
  • The central security manager is incorrect because the central security manager would be responsible for implementing the controls, but it is the auditor that is responsible for ensuring their

Topics

#Security audit · #Control effectiveness · #Auditor responsibilities · #Independent assurance
