Which one of the following statements describes management controls that are instituted to implement a security policy?
A. They prevent users from accessing any control function.
B. They eliminate the need for most auditing functions.
C. They may be administrative, procedural, or technical.
D. They are generally inexpensive to implement.
Which must bear the primary responsibility for determining the level of protection needed for information systems resources?
A. IS security specialists
B. Senior Management
C. Seniors security analysts
D. system auditors