CISA Certified Information Systems Auditor – Question1462

The responsibility for authorizing access to application data should be with the:

A.
data custodian.
B. database administrator (DBA).
C. data owner.
D. security administrator.

Correct Answer: C

Explanation:

Explanation:
Data owners should have the authority and responsibility for granting access to the data and applications for which they are responsible. Data custodians are responsible only for storing and safeguarding the data. The database administrator (DBA) is responsible for managing the database and the security administrator is responsible for implementing and maintaining IS security. The ultimate responsibility for data resides with the data owner.