CISA Certified Information Systems Auditor – Question2193

Who is responsible for providing adequate physical and logical security for IS program, data and equipment?

A.
Data Owner
B. Data User
C. Data Custodian
D. Security Administrator

Correct Answer: D

Explanation:

Explanation:
Security administrator are responsible for providing adequate physical and logical security for IS programs, data and equipment.
For CISA exam you should know below roles in an organization
Data Owners – These peoples are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rule for the data for which they are responsible.
Data Custodian or Data Steward – These people are responsible for storing and safeguarding the data, and include IS personnel such as system analysis and computer operators.
Security Administrator -Security administrator is responsible for providing adequate physical and logical security for IS programs, data and equipment.
Data Users – Data users, including internal and external user community, are the actual user of computerized data. Their level of access into the computer should be authorized by data owners, and restricted and monitor by security administrator.
The following were incorrect answers:
Data Owner- These peoples are generally managers and directors responsible for using information for running and controlling the business.
Data Users – Data users, including internal and external user community, are the actual user of computerized data.
Data custodian is responsible for storing and safeguarding the data, and include IS personnel such as system analyst and computer operators.
Reference:
CISA review manual 2014 Page number 361