We have had a major security breach, one of our honeypots was used for a downstream attack on a rival business, the competitor has lost over $200,000 in revenue. Who is ultimately liable.
A: The IT security team.
B: Middle management.
C: Whomever deployed the honeypot.
D: Senior management.
CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests
D: C-Level executives (senior leadership) are ultimately liable, this does not mean anyone else is not liable, if other people involved did not perform due care and due diligence they may be liable as well, but the questions was ultimately liable.