A systems interruption caused by a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures is a serious breach of information security and IT risk management. The person who should be accountable for this incident is the chief information officer (CIO), who is responsible for overseeing the IT function and ensuring compliance with IT policies and standards. The CIO should also ensure that appropriate corrective and preventive actions are taken to prevent such incidents from recurring and to mitigate the impact of the systems interruption on the business operations and objectives. The CIO should also report the incident to the senior management and the board of directors, and communicate with the relevant stakeholders about the incident and the actions taken. References = Risk IT Framework, ISACA, 2022, p. 181