CISA Certified Information Systems Auditor – Question2195

Who is responsible for authorizing access level of a data user?

A.
Data Owner
B. Data User
C. Data Custodian
D. Security Administrator

Correct Answer: A

Explanation:

Explanation:
Data owners are responsible for authorizing access level of a data user. These peoples are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.
For your exam you should know below roles in an organization
Data Owners – Data Owners are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.
Data Custodian or Data Steward –are responsible for storing and safeguarding the data, and include IS personnel such as system analysis and computer operators.
Security Administrator -Security administrator is responsible for providing adequate physical and logical security for IS programs, data and equipment.
Data Users – Data users, including internal and external user community, are the actual user of computerized data. Their level of access into the computer should be authorized by data owners, and restricted and monitor by security administrator.
The following were incorrect answers:
Security Administrator -Security administrator is responsible for providing adequate and logical security for IS programs, data and equipment.
Data Users – Data users, including internal and external user community, are the actual user of computerized data.
Data custodian is responsible for storing and safeguarding the data, and include IS personnel such as system analyst and computer operators.
Reference:
CISA review manual 2014 Page number 361